[Full-disclosure] XSS and SQL Injection in Election Commission of India website (now fixed)

2007-03-11 Thread Ajay Pal Singh Atwal
Election Commission of India website had XSS and SQL injection vulnerabilities.

The vulnerabilities were reported on 2nd of March to ECI and on 4th March to 
CERT-IN, for the following URL:

http://search.eci.gov.in/maps/eci_se2007/detailResult.asp

The above script is used to display detailed results of a given constituency.

On 9th March 2007 Election Commission of India fixed (disabled parts of) their
website to avoid XSS and SQL injection vulnerabilities after intervention of
CERT-IN.

Still a bit of usually harmless data insertion is possible. 

-- 
Sincerely

Ajay Pal Singh Atwal

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Php Nuke POST XSS on steroids

2007-03-11 Thread Paul Laudanski


ascii wrote:
> Php Nuke POST XSS on steroids
>
>  Name              Php Nuke POST XSS on steroids
>  Systems Affected  PHP >=4.0.7 <=5.2.1, GLOBALS OFF, Php Nuke 8.0 and
>                    others (partially verified)
>  Severity          Medium
>  Vendor            http://phpnuke.org/
>  Advisory          http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/
>  Authors           Francesco `ascii` Ongaro ([EMAIL PROTECTED])
>                    Stefano `wisec` di Paola ([EMAIL PROTECTED])
>  Date              20070307
> --- >8 --- >8 --- >8 --- >8 --- testsuite.sh --- >8 --- >8 --- >8 --- >8
>
> #!/bin/bash
>
> cat > REQ << TOKEN
> POST /modules.php?name=Downloads&d_op=search&query= HTTP/1.1
> Host: www.phpnuke.org
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2)
> Gecko/20070220 Firefox/2.0.0.2
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Connection: close
> Referer: http://www.phpnuke.org/modules.php?name=Downloads
> Cookie: lang=english
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 23
>
> query=token<>token
>
> TOKEN
>
> cat REQ | nc www.phpnuke.org 80 -vvv
>
> --- >8 --- >8 --- >8 --- >8 ---  --- >8 --- >8 --- >8 --- >8
>
> $ ./testcase | grep "token<>token"
> DNS fwd/rev mismatch: www.phpnuke.org != ev1s-67-15-16-43.ev1servers.net
> www.phpnuke.org [67.15.16.43] 80 (http) open
>  action="modules.php?name=Downloads&d_op=search&query=token<>toke
>
> Regards,
> Francesco `ascii` Ongaro
> http://www.ush.it/
>
>   
I tried both your scripts at a few locations, and all I get back is this:



400 Bad Request

Bad Request
Your browser sent a request that this server could not understand.
Request header field is missing ':' separator.

Gecko/20070220 Firefox/2.0.0.2





Re: [Full-disclosure] Php Nuke POST XSS on steroids

2007-03-11 Thread ascii
Paul Laudanski wrote:
> I tried both your scripts at a few locations, and all I get back is this
[cut]

hi Paul, long time from ccc : )

it happens because http headers must be on a single line, it's a
formatting issue (my fault, i used to put a link to a plain text
version but this time i forgot about it), i've just created a txt
version of the advisory available here:

http://phpfi.com/214668

it should be more usable, i dunno when the demos will stop working
on phpnuke.org so i've asked wisec to upload this video since www.ush.it
has bandwidth issues

http://www.wisec.it/ush/phpnukexss.html

obviously to bypass the anti-CSRF filter you have to mix the XSS with
the import_request_variables() trick (this doesn't work on phpnuke.org
because they have globals on, this is why i chose that domain)

consider that import_request_variables() will allow you to do much
more than an XSS, this is just an example advisory on an example product

See you,
Francesco `ascii` Ongaro
http://www.ush.it/
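
The 400 response discussed in this exchange, reproduced offline as an added example (not part of the original thread or the advisory): a request-head check that reports header lines lacking the ':' separator, which is how a mail-wrapped header value looks to the server. The function name `lint_request` and the sample request to `example.test` are constructed for illustration.

```python
"""Lint the head of a raw HTTP/1.1 request for lines a strict server rejects."""

# Constructed sample: the User-Agent value was wrapped by a mail client, so its
# tail starts a new line at column 0 and is parsed as a header without a name.
WRAPPED = (
    "POST /search HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2)\r\n"
    "Gecko/20070220 Firefox/2.0.0.2\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 7\r\n"
    "\r\n"
    "query=a"
)
# Same request with the wrapped value joined back onto one line.
FIXED = WRAPPED.replace(")\r\nGecko", ") Gecko")


def lint_request(raw: str) -> list[str]:
    """Return a list of problems found in the request head and body framing."""
    head, separator, body = raw.partition("\r\n\r\n")
    if not separator:
        return ["no blank line terminating the header block"]

    problems = []
    lines = head.split("\r\n")
    if len(lines[0].split(" ")) != 3:
        problems.append(f"line 1: malformed request line: {lines[0]!r}")

    declared_length = None
    for number, line in enumerate(lines[1:], start=2):
        if line[:1] in (" ", "\t"):
            # Obsolete line folding: deprecated, and rejected by many servers.
            problems.append(f"line {number}: obsolete folded header")
            continue
        name, colon, value = line.partition(":")
        if not colon:
            problems.append(f"line {number}: missing ':' separator: {line!r}")
        elif not name or any(ch.isspace() for ch in name):
            problems.append(f"line {number}: invalid header name: {name!r}")
        elif name.lower() == "content-length":
            declared_length = value.strip()

    if declared_length is not None:
        actual = len(body.encode("latin-1"))
        if not declared_length.isdigit() or int(declared_length) != actual:
            problems.append(
                f"Content-Length is {declared_length} but body is {actual} bytes"
            )
    return problems


if __name__ == "__main__":
    for label, request in (("wrapped", WRAPPED), ("fixed", FIXED)):
        print(label, lint_request(request) or "ok")
```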



Re: [Full-disclosure] Is OWASP vulnerable ??

2007-03-11 Thread Michael Silk

hahahaha, that was definitely the most valuable contribution to this whole
discussion.


On 3/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


 *The Knaller 2007 * You surf in the Internet and pay billions others, to
reach you as customers.
 It wouldn't be beautiful, if you could also get what ??
This is no more dream now. Agloco makes this possible. No costs or
subsequent costs

?? and the income ??

Become partners and another 5 partners advertise.
 Everybody surfs for 5 hours in the month
makes 761.25 dollars = with 10 partners 1517.50 dollars =
(The computer is in the member area)

*Registering now free of charge. *

In addition, you get money in the Internet by the surfing at activated
view beard. 100% of the profit are distributed to the members by AGLOCOT
because. The one who further builds up the community can in addition earn
more: because you recommend AGLOCOT per more persons, you can make a the
higher profit. This comes that not only your online hours but also that one
of your recommendations be collected on your account. And just as also the
hours of the recommendations of your recommendations up to the 5th level!
This will be a strong drive for this to extend the member number very fast
for certain. In the month, you can get more as 7,000 shares if e.g. you
have attracted 10 persons, and each of these in turn 5 persons!

Lose no time. This is a Win-Win opportunity and all the more profitable it
gets for you if you still have your friends and family registered today
before others make it!


-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Sun, 11 Mar 2007, 13:21
Subject: Re: [Full-disclosure] Is OWASP vulnerable ??

> Paul, if you find a way to get something to execute an eval() with data that
> you control, and all you can get out of that is an information disclosure,
> you *really* need to find a new line of work.

Valdis, it's javascript, as in client side, if you want to eval()
something on your machine, use notepad/vi. An undefined variable isn't
going to get you *anywhere* without some other bug, i.e. XSS, which makes
the undefined variable a moot point. *You* should consider a new line of
work.



--
mike
00110001 <3 00110111

Re: [Full-disclosure] firefox 2.0.0.2 crash

2007-03-11 Thread endrazine
Mihai Dontu wrote:
> On Friday 09 March 2007 20:31, Tõnu Samuel wrote:
>   
>> Can be dupe but in fast browsing over topics I did not discover this
>> exploit:
>>
>> http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif
>> 

Makes gimp 2.2.12 segfault.

[EMAIL PROTECTED] ~/firefox.crash $ gimp ./firefox-crash-save-session-before-clicking.gif
GIF: too much input data, ignoring extra...
GIF: bogus character 0x00, ignoring.
GIF: too much input data, ignoring extra...
GIF: bogus character 0x00, ignoring.
GIF: bogus character 0x23, ignoring.
GIF: bogus character 0xf9, ignoring.
GIF: bogus character 0x04, ignoring.
GIF: bogus character 0x05, ignoring.
GIF: bogus character 0x0a, ignoring.
GIF: bogus character 0x00, ignoring.
GIF: bogus character 0x0e, ignoring.
GIF: bogus character 0x00, ignoring.

(gifload:8687): LibGimp-CRITICAL **: gimp_drawable_get: assertion `width > 0 && height > 0 && bpp > 0' failed
/usr/lib/gimp/2.0/plug-ins/gifload: fatal error: Erreur de segmentation
[EMAIL PROTECTED] ~/firefox.crash $


Cheers,

endrazine




Re: [Full-disclosure] is scarlet pimpernel a dork? [was] Is OWASP vulnerable ??

2007-03-11 Thread Knud Erik Højgaard
On 3/10/07, Scarlet Pimpernel <[EMAIL PROTECTED]> wrote:

bla bla i don't know the language i am auditing.



[Full-disclosure] etom 7.0 paper.

2007-03-11 Thread Ozan Ozkara


Hi folks,

I am trying to find Etom (enhanced Telecom Operations Map) version 7.0
paper. I would appreciate it if anyone who already has this version of
eTom could send it to me immediately.

Regards

-ozan 

Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues

2007-03-11 Thread czino2
-Original Message-
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Sent: Sun, 11 Mar 2007, 0:50
Subject: Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues


3APA3A wrote:

>  And now is most exciting: Users have permission to create files in this
>  directory, that is pre-open attack is possible.

holy %&[EMAIL PROTECTED] you're right:

D:\WINDOWS\security\templates>more "setup security.inf" | findstr /r /i "\"
"d:\windows\temp", 2, "D:P(A;CI;0x100026;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

Where "(A;CI;0x100026;;;BU)" =
A = access allowed
CI = container and items (subfolders and files), this folder only
0x100026 = SYNCHRONIZE, traverse, create files, create subfolders
BU = BUILTIN\Users

/revokes
/plans to eventually make a custom security policy .inf
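
The ACE breakdown in this message, extended to the whole DACL string as an added example (not from the original post): a small SDDL parser that decodes every ACE and lists the trustees who can create files in the directory itself. It covers only the rights tokens, ACE flags and SID aliases needed for this string and assumes allow ACEs only; the function names are illustrative.

```python
import re

# DACL string taken from the findstr output quoted in the message.
TEMP_DACL = ("D:P(A;CI;0x100026;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)"
             "(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)")

SIDS = {"BU": "BUILTIN\\Users", "PU": "BUILTIN\\Power Users",
        "BA": "BUILTIN\\Administrators", "SY": "NT AUTHORITY\\SYSTEM",
        "CO": "CREATOR OWNER"}
ACE_FLAGS = {"CI": "CONTAINER_INHERIT", "OI": "OBJECT_INHERIT",
             "IO": "INHERIT_ONLY", "NP": "NO_PROPAGATE_INHERIT"}
# Two-letter SDDL rights tokens mapped to access-mask bits.
RIGHTS = {"GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000,
          "GR": 0x80000000, "SD": 0x00010000, "RC": 0x00020000,
          "WD": 0x00040000, "WO": 0x00080000}
# Directory meaning of the specific-rights bits, plus SYNCHRONIZE.
DIR_BITS = {0x1: "FILE_LIST_DIRECTORY", 0x2: "FILE_ADD_FILE",
            0x4: "FILE_ADD_SUBDIRECTORY", 0x20: "FILE_TRAVERSE",
            0x100000: "SYNCHRONIZE"}
FILE_ADD_FILE, GENERIC_WRITE, GENERIC_ALL = 0x2, 0x40000000, 0x10000000


def parse_dacl(sddl):
    """Split a DACL string into ACEs with a numeric access mask."""
    aces = []
    for body in re.findall(r"\(([^)]*)\)", sddl):
        ace_type, flags, rights, _obj, _inherit_obj, sid = body.split(";")[:6]
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)          # numeric form, e.g. 0x100026
        else:
            mask = 0
            for token in re.findall("..", rights):
                mask |= RIGHTS[token]       # symbolic form, e.g. GRGWGXSD
        aces.append({"type": ace_type, "flags": re.findall("..", flags),
                     "mask": mask, "sid": sid})
    return aces


def describe_mask(mask):
    """Name the bits set in a directory access mask."""
    names = [name for bit, name in DIR_BITS.items() if mask & bit]
    return names + [token for token, bit in RIGHTS.items() if mask & bit]


def who_can_create_files(sddl):
    """Trustees whose allow ACEs apply to the directory and permit new files."""
    trustees = []
    for ace in parse_dacl(sddl):
        if ace["type"] != "A" or "IO" in ace["flags"]:
            continue  # not an allow ACE, or inherit-only (children only)
        if ace["sid"] == "CO":
            continue  # placeholder SID: matches no token on the directory itself
        if ace["mask"] & (FILE_ADD_FILE | GENERIC_WRITE | GENERIC_ALL):
            trustees.append(SIDS.get(ace["sid"], ace["sid"]))
    return trustees


def report(sddl):
    """One readable line per ACE: trustee, rights, inheritance flags."""
    lines = []
    for ace in parse_dacl(sddl):
        flags = "|".join(ACE_FLAGS.get(f, f) for f in ace["flags"])
        rights = "|".join(describe_mask(ace["mask"]))
        lines.append(f'{SIDS.get(ace["sid"], ace["sid"])}: {rights} [{flags}]')
    return lines


if __name__ == "__main__":
    print("\n".join(report(TEMP_DACL)))
    print("can create files:", who_can_create_files(TEMP_DACL))
```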


Re: [Full-disclosure] Is OWASP vulnerable ??

2007-03-11 Thread czino2
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Sun, 11 Mar 2007, 10:11
Subject: Re: [Full-disclosure] Is OWASP vulnerable ??


Sorry, I didn't mention this in my original reply, if you type the
variable name into google you'll get several hits from the wiki software
they use, apparently it used to be considered a security hole by the
authors of the software if the wiki was embedded in another frame, so
that's what that check was, however anymore it is disabled by default, and
web app authors being what they are, disabled most likely means they
commented out the declaration.

On Sat, 10 Mar 2007, Scarlet Pimpernel wrote:

> Date: Sat, 10 Mar 2007 13:06:34 -0800 (PST)
> From: Scarlet Pimpernel <[EMAIL PROTECTED]>
> To: Andrew Farmer <[EMAIL PROTECTED]>
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Is OWASP vulnerable ??
>
> Hey Andrew :)
>
> Corrected the blog entry, Thanks for your email...
>
> Also added "jf at danglingpointers dot net" ... since he was the first to reply.
>
> I hope this is just a bug, probably something that could cause minimal damage and not a vulnerability.
>
> Cheers :)
> Kish
>
> Andrew Farmer <[EMAIL PROTECTED]> wrote: On 10 Mar 07, at 09:23, Scarlet Pimpernel wrote:
> > Hello all,
> >
> > There is an undefined function in OWASP website's javascript code
> > (wikibits.js)
> > called wgBreakFrames. This can cause potential damage to the site
> > if used maliciously.
> >
> ...
> > if (wgBreakFrames) {
> ...
>
> First of all, that's a variable, not a function. Creating a function
> called "wgBreakFrames" wouldn't execute the function.
>
> Second of all, I'm not really sure how that could be "used
> maliciously". If you're able to inject Javascript into the window
> context, you can already do whatever you like to the user's browser.
> So I'm not quite sure how this is supposed to "cause potential damage
> to the site".
>
>
>
> Remember there is alwayz someone who knows more than us out there
>
>


Re: [Full-disclosure] Exploit selling service up and running

2007-03-11 Thread czino2
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Sun, 11 Mar 2007, 3:49
Subject: Re: [Full-disclosure] Exploit selling service up and running


Immunity canvas and core impact could make a lot from this selling site ;)


On 3/10/07, kingcope <[EMAIL PROTECTED] > wrote: 
Hello List,
 
This is Kingcope. We now have our Exploit selling site
up and running. On www.com-winner.com you can purchase
quality advisories and exploits. Feel free to contact
our sales person for getting the latest Zero-Days.
 
 
Best Regards,
 
kingcope
com-winner.com Research Team 
 
 





-- 
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com 

Re: [Full-disclosure] Is OWASP vulnerable ??

2007-03-11 Thread czino2
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Sun, 11 Mar 2007, 13:21
Subject: Re: [Full-disclosure] Is OWASP vulnerable ??


> Paul, if you find a way to get something to execute an eval() with data that
> you control, and all you can get out of that is an information disclosure,
> you *really* need to find a new line of work.

Valdis, it's javascript, as in client side, if you want to eval()
something on your machine, use notepad/vi. An undefined variable isn't
going to get you *anywhere* without some other bug, i.e. XSS, which makes
the undefined variable a moot point. *You* should consider a new line of
work.




Re: [Full-disclosure] [WEB SECURITY] Re: Good resources on Web 2.0

2007-03-11 Thread czino2
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Sent: Sun, 11 Mar 2007, 2:25
Subject: Re: [Full-disclosure] [WEB SECURITY] Re: Good resources on Web 2.0



RSS and web feed security documentation and resource repository 
http://www.cgisecurity.com/rss/

Ajax Security Resource Repository
http://www.cgisecurity.com/ajax/



Re: [Full-disclosure] [WEB SECURITY] Re: Good resources on Web 2.0

2007-03-11 Thread bugtraq

RSS and web feed security documentation and resource repository 
http://www.cgisecurity.com/rss/

Ajax Security Resource Repository
http://www.cgisecurity.com/ajax/

