On Dec 5, 2007 11:05 AM, Radu State [EMAIL PROTECTED] wrote:
# Humberto J. Abdelnur (Ph.D Student) #
# Radu State (Ph.D) #
# Olivier Festor (Ph.D) #
lol..
wow is all i can say to this..
let me enlighten you on the basics of Perl
$text = '';
are areas generally reserved for academics who
cannot publish anything useful so it seems appropriate that the bulk of your
publications are in this field.
On Dec 5, 2007 1:57 PM, [EMAIL PROTECTED] wrote:
hi Reepex,
I do not understand why you are frustrated about a computer science degree.
Maybe
you should destroy myspace.com
after the downfall of and removal of myspace, many emo kids and future
teenage moms will commit suicide saving the world from future jerry springer
episodes and adding to the list of an heroes
On 11/30/07, gmaggro [EMAIL PROTECTED] wrote:
I think it'd be
so... what fuzzer that you didn't code did you use to find these amazing
vulns?
Also nice 'payload' in your exploits meaning 'nice long lists of as'. You
should not claim code execution when your code does not perform it.
Well I guess it has been good talking until your fuzzer crashes another
woah woah watch your words
many people on fd make their career based on 1) and 2) so don't diss them
unless you want to start an e-war
On 11/28/07, Peter Dawson [EMAIL PROTECTED] wrote:
Yeah ..
a) Social engineer victim to open it.
b) Persuade victim to run the command
is kind of funky..
so you can .. read login details to databases, login to them, steal their
records, and then send them out? .. thanks for this ... groundbreaking
research
we hope that your next pdf will contain how to sniff telnet sessions and
then automatically hack something something something
anyway um ..
lol its always the lamest people that make responses like these
are you scared they will steal your latest post auth dos in a ftpd that no
one uses?
On Nov 21, 2007 11:51 AM, Morning Wood [EMAIL PROTECTED] wrote:
- Original Message -
From: James Rankin [EMAIL PROTECTED]
To:
gary mckinnon should be burned alive on charges of script kiddie douche bag
On 11/14/07, worried security [EMAIL PROTECTED] wrote:
if this guy [1] gets away with this then i want gary mckinnon [2]
taken off charges as well.
[1] http://www.theage.com.au/articles/2007/11/12/1194766589522.html
does badly recorded videos on random OSes like plan9 count?
On Nov 10, 2007 3:49 PM, don bailey [EMAIL PROTECTED] wrote:
Ok, so the first person to disclose a Linux kernel
zero day exploit in the next week will get 300$ from
me direct into
actually no one cares about your posts so it would be better if you stopped
posting completely
when you learn to install gcc you can come back
On Nov 3, 2007 6:39 PM, Dude VanWinkle [EMAIL PROTECTED] wrote:
On 11/3/07, worried security [EMAIL PROTECTED] wrote:
hi,
can everyone stop cross
On Nov 4, 2007 8:45 AM, Radu State [EMAIL PROTECTED] wrote:
P is the proxy located at URL: proxy.org
X is the attacker located at URL: attacker.lan.org
V is the victim located at URL: victim.lan.org
V is also registered with P under the username
Pdp architect and I have been emailing back and forth about whether xss has
a place in fd, bugtraq, or the security research area at all. He decided
that we should start a discussion about it on here and get people's
unmoderated opinion. This discussion should not concern whether it's
important
techniques which any script kiddie can
accomplish.
5) publishing xss shows your weakness and that you don't have the
publishing XSS makes you look stupid as well publishing a DoS cuz you
haven't investigated enough to see whether and how your findings can
be exploited.
we agree!!
reepex, I am
i seemed to reply to nexxus as you were writing your original reply which
ive since replied to. about this email though...
On Nov 4, 2007 3:13 PM, pdp (architect) [EMAIL PROTECTED]
wrote:
XSS today is where buffer overflows were 10-15 years ago. Moreover, did
you miss when I said that 99% of
wow you are an idiot. could you please stay off this discussion. we wanted
valid (professional) opinions not your retarded comments.
On Nov 4, 2007 5:07 PM, Dude VanWinkle [EMAIL PROTECTED] wrote:
On 11/4/07, reepex [EMAIL PROTECTED] wrote:
On Nov 4, 2007 3:13 PM, pdp (architect) [EMAIL
On Nov 4, 2007 4:43 PM, pdp (architect) [EMAIL PROTECTED]
wrote:
lets say 1 servers are running a vuln ftpd and another 1 are
running
the same open source web app. Which would you rather have the exploit
for?
also which would be more practical to attack? assuming you have the
attacks that take over a victims computer are valid, then
you would have to now admit xss as valid as well.
Nate
Sent via BlackBerry from T-Mobile
-Original Message-
From: reepex [EMAIL PROTECTED]
Date: Sun, 4 Nov 2007 13:26:17
To:full-disclosure@lists.grok.org.uk, pdp
Matasano's latest post has addressed the FUD post by gadi evron now [1]. I
would ask gadi to comment on why he made such an outlandish post with no
technical analysis but we all
1) Gadi has no technical skills
2) He is too busy putting on makeup for his next random tech magazine
interview and
I guess you never heard of full disk encryption, finger print readers, or
caged machines.
On Nov 2, 2007 3:51 PM, Dude VanWinkle [EMAIL PROTECTED] wrote:
On 11/2/07, J. Oquendo [EMAIL PROTECTED] wrote:
Dude VanWinkle wrote:
A program installed under false pretenses that will give the
On Nov 1, 2007 9:36 AM, Joxean Koret [EMAIL PROTECTED] wrote:
First of all, yes, is a preauth sql injection in an admin
console but, if you have privileges to connect to the Oracle Financials
instance,
So as I said its 'post auth' sql injection but thanks for clarifying.
And second,
It is funny that gadi does not post to this list anymore.. maybe its because
he knows people here can actually express their opinion against his retarded
posts without being moderated?
anyway of course gadi is going to jump over stuff like this because it takes
no technical knowledge to write
On Nov 1, 2007 4:34 PM, Nick FitzGerald [EMAIL PROTECTED] wrote:
Yes, today, the average level of clue among Mac users is probably a
shade higher than amongst Windows users,
Is this a joke? The reason people switch to macs is because they cannot
handle simple tasks. Isn't the main thing said
I will take that pepsi challenge... what is at stake ;)
On Nov 1, 2007 4:50 PM, Paul Schmehl [EMAIL PROTECTED] wrote:
--On Thursday, November 01, 2007 16:42:51 -0500 reepex [EMAIL PROTECTED]
wrote:
On Nov 1, 2007 4:34 PM, Nick FitzGerald [EMAIL PROTECTED]
wrote:
Yes, today
lol pdp
On Nov 1, 2007 4:58 PM, Emmanouil Gavriil [EMAIL PROTECTED]
wrote:
Cross Site Scripting at howtoforge..
http://www.howtoforge.com/trip_search?keys=scriptalert('XSS-Test')/scripthttp://www.howtoforge.com/trip_search?keys=%3Cscript%3Ealert%28%27XSS-Test%27%29%3C/script
Emmanouil
seriously dude wtf ... have you even put any research or thought into this
topic? All you have done is paste other peoples sayings, links, and research
and spam them to mailing lists to get your name on this topic just like the
sendmail, solaris ftp, vnc, and every other bug that comes out.
Get a
thanks for your document design.. i would have chosen a more blue font over
grey though
On Nov 1, 2007 5:34 PM, worried security [EMAIL PROTECTED]
wrote:
*CYBER TERRORISM*
*Talk about the current threat level.*
*Discuss the internet terror threat*
**
*SOFTWARE FLAWS*
*Post your own
resulting to se in a pen test cuz you can't break any of the actual machines?
lulz
On 10/31/07, Joshua Tagnore [EMAIL PROTECTED] wrote:
List,
Some time ago I remember that someone posted a PoC of a small site that
had a really nice looking flash animation that performed a virus scan and
of the .gov red teams ;]
On Wed, 31 Oct 2007, reepex wrote:
Date: Wed, 31 Oct 2007 16:56:20 -0500
From: reepex [EMAIL PROTECTED]
To: Joshua Tagnore [EMAIL PROTECTED],
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Flash that simulates virus scan
resulting to se in a pen
user interaction on a random file format? haven't we been over this
types of bugs?
This pool of zdi bugs is almost more laughable than idefense's aix spam flood
On 10/31/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
This vulnerability allows remote attackers to execute code on vulnerable
post auth sql injection in random admin console - lulz
On 10/31/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
The specific flaw exists in the okxLOV.jsp page in the Administration
console.
___
Full-Disclosure - We believe in it.
Charter:
dot dot dot
first an sql injection post that requires magic quotes off, then a
post about xss, and now a post about path disclosure?
Why waste cve entries and people's time with crap like this? Couldn't
you at least find post-auth ftp dos bugs like morning wood?
On 10/29/07, SecurityResearch
Since everyone who really understood the post did not reply, this
thread will serve as monument to all the people whose technical skills
hit a roadblock at xss and javascript
On 10/28/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
reepex wrote:
It seems our good friend and fellow poster pdp
CRIPEEE FIGHTT!!
On 10/28/07, Morning Wood [EMAIL PROTECTED] wrote:
you're an ignorant little twat
if you had a clue you would see the OP stated the link will crash IE
now go away kthnx
- Original Message -
From: worried security [EMAIL PROTECTED]
To:
lol n3td3v and morning_wood fighting
http://youtube.com/watch?v=V_Y_fUhj6Bs
http://en.wikipedia.org/wiki/Cripple_Fight
thank you both for the entertainment that is your careers/lives/fd posts
On 10/27/07, worried security [EMAIL PROTECTED] wrote:
On 10/27/07, Morning Wood [EMAIL
please stop trying to ruin a noname company - all you are doing is
giving n3td3v more things to talk about so that people click his link
and his terrorist cell can be funded by adsense.
If you want a company to laugh at you should instead try irm and
their cisco xss.
On 10/27/07, [EMAIL
It seems our good friend and fellow poster pdp|architect is leaving
our scene for something else.
http://www.gnucitizen.org/about/pdp#comment-61753
pdp took a lot of heat after his home router bug that affected millions
of people and maybe it was too much for him to handle. We hope he
comes back
stop you from what.. spamming us? I believe we have that handled.
Also don't annoy us because you can not get a job in the security
field like we have.
On 10/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
hahahahaha you can't stop us, silly whitehats
there are more of us, and we are
seriously. enough with the irc ass kissing.
On 10/26/07, don bailey [EMAIL PROTECTED] wrote:
Thank you, Captain Obvious - I specifically *said* that only one of them
needs to be blind spoofing.
only possible if sequence number is 100% (or close to 100%) predictable.
And Michael
Hi I am sorry to hear you just woke from your coma. It is now 2007 not 1995.
On 10/25/07, Oliver [EMAIL PROTECTED] wrote:
Hello,
I have been searching all over the place to find an answer to this question,
but Google has made me feel unlucky these last few days. I hope I could find
more
On 10/23/07, Seth Fogie [EMAIL PROTECTED] wrote:
* Risk Level:*
High - Spoofed log records / Injected JavaScript can lead to malware
attacks
Risk level high and javascript do not belong together
Bug 1:
The Line Printer Daemon, which provides print server functionality in
Cisco IOS is vulnerable to a software flaw whereby the length of the
hostname of the router is not checked before being copied into a fixed
size memory buffer. However, the attacker must be able to
control the
SHUT UP PDP
SEND XSS TO SECURITY BASICS
On 10/22/07, SkyOut [EMAIL PROTECTED] wrote:
-
|| WWW.SMASH-THE-STACK.NET ||
-
|| ADVISORY: IFNET.IT WEBIF XSS VULNERABILITY
_
|| 0x00: ABOUT ME
|| 0x01: DATELINE
||
whats the point of the blocking the url when its in google cache?
http://64.233.169.104/search?q=cache:Y4hf4gOOAc8J:www.newskicks.com/avatars/user_uploaded//ts-audiotomidi-full-crack.html+muonline+huck+1+hit+panasonic+gd+68+acid+5+mp3hl=enct=clnkcd=2gl=usclient=firefox-a
also you are lucky some