Heh watch out for that DMCA. -KF
Lorenzo Hernandez Garcia-Hierro wrote:
Dear Paul,

I've been testing your exploit (good one) for the supposed HTML encryption weakness of SaS. I think you took the exploit/perl script from a developers' site, because SaS is using a standard of encoding. Here is the proof:

variables for function _fwk_filter_encrypt($content)

    $table = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_@";
    $xor = 165;

As you see, it's not encryption, so you didn't crack anything... you decoded it! The script is not for protecting site information such as passwds or usrnames, etc.; it is stupid to use it for those things. It is only a low protection for people that copy contents (people that are only interested in copying things) and it's not for critical uses.

Another thing: here is the code to prepare the tables of encoding characters:

    $table = array_keys(count_chars($table, 1));
    $i_min = min($table);
    $i_max = max($table);
    for ($c = count($table); $c > 0; $r = mt_rand(0, $c--))
        array_splice($table, $r, $c - $r, array_reverse(array_slice($table, $r, $c - $r)));

The encode sequence:

    $len = strlen($content);
    $word = $shift = 0;
    for ($i = 0; $i < $len; $i++) {
        $ch = $xor ^ ord($content[$i]);
        $word |= ($ch << $shift);
        $shift = ($shift + 2) % 6;
        $enc .= chr($table[$word & 0x3F]);
        $word >>= 6;
        if (!$shift) {
            $enc .= chr($table[$word]);
            $word >>= 6;
        }
    }
    if ($shift)
        $enc .= chr($table[$word]);

--- THE FINAL DECODE SEQUENCE ----

    // Decode sequence
    $tbl = array_fill($i_min, $i_max - $i_min + 1, 0);
    while (list($k,$v) = each($table))
        $tbl[$v] = $k;
    $tbl = implode(",", $tbl);

    $fi = ",p=0,s=0,w=0,t=Array({$tbl})";
    $f = "w|=(t[x.charCodeAt(p++)-{$i_min}])<<s;";
    $f .= "if(s){r+=String.fromCharCode({$xor}^w&255);w>>=8;s-=2}else{s=6}";

----

You see? xD So definitely not encryption, you are wrong... Encoding, I know, is a shit form to protect things, but it's the easiest and fastest form to bind a low protection system for contents. Here is the JavaScript used:

    $r.= "function decrypt_p(x){";
    $r.= "var l=x.length,b=1024,i,j,r{$fi};";
    $r.= "for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){{$f}}document.write(r)}";
    $r.= "}decrypt_p(\"{$enc}\")";

CONCLUSIONS:

- I think (I can be sure by checking this later) you copied the exploit code from a developers' site.
- You were first wrong saying that the encryption system is cracked. As you see, you didn't crack anything!! You decoded a simple xor sequence, w00w!
- Your claims saying I have lots of free time for [-] other sites[-] are completely inappropriate. First of all:
  - I don't do these things for fame, just for fun and hobby
  - I don't say false things
  - sometimes I'm wrong (I'm human), or lots of times! But the important thing is that I recognize my errors.

--
Thank you, and next time do better research.
Best regards to all the members of Full-Disclosure.

-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
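
Added example, not part of either message and not SaS code: a JavaScript port of the encode loop and of the decrypt_p logic quoted above, showing that the output is reversed using only the table and XOR constant that the generated page ships to the browser. The function names and the reversed-alphabet table are assumptions made for the example; the quoted filter shuffles the table with mt_rand.

```javascript
// Alphabet and XOR constant as quoted in the message above.
const ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_@";
const XOR = 165;

// Constructed permutation for the example: the alphabet reversed, as char codes.
function buildTable(alphabet) {
  return Array.from(alphabet).reverse().map(c => c.charCodeAt(0));
}

// Port of the PHP encode loop: XOR each byte, then pack 8-bit values
// into 6-bit table indexes, least significant bits first (3 bytes -> 4 chars).
function encode(bytes, table, xor) {
  let out = "", word = 0, shift = 0;
  for (const b of bytes) {
    word |= (xor ^ b) << shift;
    shift = (shift + 2) % 6;
    out += String.fromCharCode(table[word & 0x3f]);
    word >>= 6;
    if (shift === 0) { out += String.fromCharCode(table[word]); word >>= 6; }
  }
  if (shift !== 0) out += String.fromCharCode(table[word]);
  return out;
}

// Same steps as the generated decrypt_p(): inverse table lookup,
// reassemble 8-bit values, XOR with the constant. No key is involved.
function decode(text, table, xor) {
  const inverse = new Map(table.map((code, idx) => [code, idx]));
  const out = [];
  let word = 0, shift = 0;
  for (let p = 0; p < text.length; p++) {
    const v = inverse.get(text.charCodeAt(p));
    if (v === undefined) throw new RangeError(`character outside table at offset ${p}`);
    word |= v << shift;
    if (shift) { out.push(xor ^ (word & 255)); word >>= 8; shift -= 2; }
    else { shift = 6; }
  }
  return out;
}

// Encode a string as UTF-8 bytes and decode it again with the same public parameters.
function roundTrip(str) {
  const table = buildTable(ALPHABET);
  const enc = encode(new TextEncoder().encode(str), table, XOR);
  const dec = new TextDecoder().decode(Uint8Array.from(decode(enc, table, XOR)));
  return { enc, dec };
}
```

Anything that must stay confidential has to be withheld server-side behind authentication; this filter only changes how the markup looks in the page source.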