Re: [Full-disclosure] DIE IN A FIRE post
DIE IN A FIRE !!!1!1!

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Tue, 26 Aug 2008 18:59:06 -0700
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] test post

test

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Linux's unofficial security-through-coverup policy
In reference to this: http://article.gmane.org/gmane.linux.kernel/706950

There is this: http://img136.imageshack.us/img136/7451/poster68251050mx9.jpg

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Wed, 16 Jul 2008 09:44:37 -0400
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Linux's unofficial security-through-coverup policy

Hi all,

I doubt many of you are following the discussions (if they can be called that) that have been going on on LWN for the past couple weeks regarding security fixes being intentionally covered up by the Linux kernel developers and -stable maintainers. Here are some references:

http://lwn.net/Articles/285438/
http://lwn.net/Articles/286263/
http://lwn.net/Articles/287339/
http://lwn.net/Articles/288473/
http://lwn.net/Articles/289805/

The Linux kernel has a formal policy in Documentation/SecurityBugs which states under Section 2 Disclosure:

    We prefer to fully disclose the bug as soon as possible.

However, their policy in reality is quite different, as you can see for yourself in the discussion going on now on LKML: http://marc.info/?t=121507404600023r=1w=2

Some choice quotes from Linus that reflect how sad the current state is:

http://marc.info/?l=linux-kernelm=121617056910384w=2
(on commenting about what he would allow to be included in a commit message)

    I literally draw the line at anything that is simply greppable for. If it's not a very public security issue already, I don't want a simple git log + grep to help find it.

http://marc.info/?l=linux-kernelm=121613851521898w=2
(when talking about the security backports Linux vendors provide for customers)

    And they mostly do a crap job at it, only focusing on a small percentage (the ones that were considered to be big issues)

They seem to have the impression that people who find and exploit kernel vulnerabilities rely on the commit messages fixing the vulnerability including some mention of security.

As it should be clear to anyone actually involved in the security community, or anyone who has ever written an exploit (particularly for the myriad silently fixed vulnerabilities in Linux), this is far from reality. The people who *do* rely on these messages and announcements however are the smaller distributions and individual users. Yet Linus et al believe they're helping you by pulling the wool over your eyes regarding the exploitable vulnerabilities in their OS.

To illustrate the point, in the 2.6.25.10 kernel, the following fix was included with the commit message of:

    Roland McGrath (1): x86_64 ptrace: fix sys32_ptrace task_struct leak

The kernel was released with no mention of security vulnerabilities in the announcement, only assorted bugfixes. Put simply, it only took about an hour or so to develop a PoC for this exploitable vulnerability which affects 64bit x86_64 kernels since January. So since the time of the fix itself (or even before that if someone spotted it before the kernel developers did themselves) users have been at risk. Yet in the imaginary world they live in, these kernel developers think they're protecting you from that risk by not telling you what you're vulnerable to.

Please let them know what you think of their policy of non-disclosure and coverups. I hope someone also educates them on their ridiculous notion of untrusted local users like Greg uses in his announcement of the 2.6.25.11 kernel: http://lwn.net/Articles/289804/

If you remain complacent about the state of affairs, you're only enabling them to continue their current misguided foolishness.

-Brad

Re: [Full-disclosure] Kaminsky DNS bug leaked
Nice trick, the real information is here: http://tinyurl.com/dnsExploitSecret

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Tue, 15 Jul 2008 11:17:30 -0700
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Kaminsky DNS bug leaked

Dino Dai Zovi finally spilled the beans: http://twitter.com/dinodaizovi/statuses/858981957

Re: [Full-disclosure] HTTP cache poisoning via Host header injection
But PHPNuke is not vulnerable right? (breathes a sigh of relief)

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Thu, 12 Jun 2008 10:40:13 -0700
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] HTTP cache poisoning via Host header injection

I've confirmed this in default installations of a few web frameworks including Rails, Zope and WordPress. The basic vulnerability comes when:

1) Your web server does not validate the Host header
2) Your code or your framework uses the Host header value to build links
3) You employ page or fragment caching

There may be phishing-type exploits possible even if a site does not do 3), if there are caching proxies at the ISP level.

    $ telnet www.example.com 80
    Trying 1.2.3.4...
    Connected to www.example.com.
    Escape character is '^]'.
    GET /foo/bar.html HTTP/1.1
    User-Agent: Mozilla
    Host: evilsite.com#

    HTTP/1.1 200 OK
    Date: Wed, 10 Jun 2008 00:27:45 GMT
    Server: Apache
    Cache-Control: max-age=60
    Expires: Wed, 17 Jun 2008 00:27:45 GMT
    Content-Length: 2959
    Content-Type: text/html; charset=iso-8859-1

    <html>
    <head>
    <title>Foo : Bar</title>
    </head>
    <body>
    <a href="http://evilsite.com#/">Home</a>
    <a href="http://evilsite.com#/about">About</a>
    <a href="http://evilsite.com#/login">Login</a>
    [...snip...]
    <hr>
    <address>Apache Server at evilsite.com# Port 80</address>
    </body></html>

Some more details here: http://carlos.bueno.org/2008/06/host-header-injection.html

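
The three conditions listed in the post above, reproduced in a small model next to a Host allowlist that removes the first two. This is an added example, not code from the post or from any of the frameworks it names; `ALLOWED_HOSTS`, `CANONICAL_HOST`, `NAV` and every function name are hypothetical, and the two requests are constructed from the telnet session in the post.

```python
from __future__ import annotations

import re

# Assumption: the names this site is actually served under.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
CANONICAL_HOST = "www.example.com"
NAV = [("/", "Home"), ("/about", "About"), ("/login", "Login")]

# Hostname with optional trailing dot and port; rejects '#', '/', '@', spaces.
_HOST_RE = re.compile(
    r"^([A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?)\.?(?::\d{1,5})?$"
)

# Constructed sample requests, modelled on the session in the post.
POISON = (b"GET /foo/bar.html HTTP/1.1\r\nUser-Agent: Mozilla\r\n"
          b"Host: evilsite.com#\r\n\r\n")
LEGIT = (b"GET /foo/bar.html HTTP/1.1\r\nUser-Agent: Mozilla\r\n"
         b"Host: www.example.com\r\n\r\n")


def parse_request(raw: bytes) -> dict:
    """Parse the request line and headers; repeated headers are kept as lists."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"method": method, "path": path, "headers": headers}


def validated_host(headers: dict) -> str | None:
    """Return the host name only if exactly one Host header names an allowed host."""
    values = headers.get("host", [])
    if len(values) != 1:          # missing or duplicated Host header
        return None
    match = _HOST_RE.match(values[0])
    if match is None:             # e.g. "evilsite.com#"
        return None
    name = match.group(1).lower()
    return name if name in ALLOWED_HOSTS else None


def render_nav_unsafe(req: dict) -> str:
    """Conditions 1 and 2: the Host value is not validated and is used in links."""
    host = req["headers"].get("host", [""])[0]
    return "".join(f'<a href="http://{host}{p}">{label}</a>' for p, label in NAV)


def render_nav_safe(req: dict) -> str | None:
    """Reject unknown hosts and build links from configuration, not from the request."""
    if validated_host(req["headers"]) is None:
        return None
    return "".join(
        f'<a href="http://{CANONICAL_HOST}{p}">{label}</a>' for p, label in NAV
    )


def serve(cache: dict, raw: bytes, render) -> tuple[int, str]:
    """Condition 3: a page cache keyed by path only."""
    req = parse_request(raw)
    key = req["path"]
    if key in cache:
        return 200, cache[key]
    body = render(req)
    if body is None:
        return 400, "Bad Request"  # rejected requests never populate the cache
    cache[key] = body
    return 200, body


if __name__ == "__main__":
    for render in (render_nav_unsafe, render_nav_safe):
        cache: dict = {}
        first = serve(cache, POISON, render)
        later = serve(cache, LEGIT, render)
        print(render.__name__, first[0], "evilsite.com" in later[1])
```

With the unsafe renderer the second, legitimate request is answered from the cache entry written by the first; with the allowlist the first request gets a 400 and the cache stays empty.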
Re: [Full-disclosure] ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack
I need to go to your site and take one of your other bugs so I can GET PAID!! :)

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Wed, 4 Jun 2008 21:24:46 +0100
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability

    During the handling of an encoded authentication request, the process copies the user-supplied login information into a fixed length stack buffer

This one seems exactly the same vulnerability I disclosed in February 2008 and for which I wrote also a testing attack (number 7) in my doubletakedown proof-of-concept:

http://aluigi.org/adv/doubletakedown-adv.txt

Anyway it's an old version of Double-Take so should be not considered, in fact I mentioned that old bug in my advisory only for thoroughness but without the minimal consideration since the bug was already found and patched by the same vendor (Double-Take, not HP).

--- Luigi Auriemma
http://aluigi.org

Re: [Full-disclosure] Tool for SSL Proxy mitm
    I could try to do some API hooking

Good, get on it...

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Tue, 20 May 2008 12:06:07 -0400
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Tool for SSL Proxy mitm

Hello,

I'm looking for a SSL proxy to do a mitm against a specific software. Since there is certificate verification, what I'm thinking is to modify the program certificates so it can communicate with the proxy and then have the proxy communicate with the final server with legit identification grabbed from the program. My objective is to snoop what is being sent.

I could try to do some API hooking but still not explored this on Mac OS X. Anyone knows some good reading for hooking on Tiger ?

Thanks,
fG

Re: [Full-disclosure] Pointless Post
Here is something with substance.

[ASCII art: "All Glory to the HYPNO TOAD!"]

Enjoy reading that on your f*cking blackberry (another pretentious device that is out of control).

Shirkdog ' or 1=1-- http://www.shirkdog.us

To: full-disclosure@lists.grok.org.uk
From: [EMAIL PROTECTED]
Date: Wed, 21 May 2008 02:13:31 +
Subject: [Full-disclosure] Pointless Post

I have nothing to say but since I can just make a post and say nothing of substance like the ones I have been receiving I decided to say thank you with this pointless post. Maybe I should add the name netdev and then everyone will reply with hate post and cause it to run on for weeks.

Thanks for nothing

Sent from my Verizon Wireless BlackBerry

Re: [Full-disclosure] R.I.P rgod - :(
You're not dead...you don't want to go on the cart... you feel fine...you might go for a walk...you feel happy? :)

Shirkdog ' or 1=1-- http://www.shirkdog.us

From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Date: Mon, 28 Apr 2008 19:32:57 +0430
Subject: [Full-disclosure] R.I.P rgod - :(

I am *not* dead. :(

http://retrogods.blogspot.com/

Re: [Full-disclosure] How to become a Computer Security Professional ?
The first step is to never send email to the full-disclosure list ever again. The second step is to learn the word google.

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Sat, 17 Nov 2007 19:08:46 +0600
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] How to become a Computer Security Professional ?

What are the steps to follow to become a computer security professional, to be able to research vulnerabilities, code exploits? What do I have to learn, and which learning resources and books would be nice?

I've learned C programming, C# programming, PHP, SQL and I know how to use Linux, and right now I'm learning assembly language and Linux programming. Is it the right way to go? Should I learn Windows programming as well?

It's always been my dream. Waiting for any suggestions?

Re: [Full-disclosure] CISSPs securing ur networks
Is it time for a CISSP wall of shame?

    H. Daniel Regalado Arias, CISSP
    Chief Information Security Officer
    Macula Security Consulting Group
    www.macula-group.com

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Sun, 21 Oct 2007 10:47:13 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] CISSPs securing ur networks

He's been spamming that list for a while now asking questions about SQL injections and other web app vulnerabilities. I don't know why the moderators let his posts through.

On 10/21/07, cybergoth [EMAIL PROTECTED] wrote:

    http://lists.immunitysec.com/pipermail/dailydave/2007-October/004686.html

[Full-disclosure] RE: Marc Vilanova Vilasero is out of the office.
Google Language Tools:

---
I will be absent from the office since October 19, 2007 and will not until October 26, 2007. Respond to your message when I return.

So, lets see what Google does with this:

Go fuck yourself
---
Vaya usted cogiera

Hmm, doesn't seem correct.

Shirkdog ' or 1=1-- http://www.shirkdog.us

From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Date: Fri, 19 Oct 2007 16:01:27 +0200
Subject: [Full-disclosure] Marc Vilanova Vilasero is out of the office.

I will be out of the office from 19/10/2007 and will not return until 26/10/2007. I will reply to your message when I return.

Re: [Full-disclosure] UNSUBSCRIBE
Of course you want to unsubscribe. Didn't your website go down for like an entire day?

BTW. Good work on the phone number. One of our Full-Disclosure Operators will be with you shortly.

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Mon, 8 Oct 2007 14:46:06 -0400
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: [Full-disclosure] UNSUBSCRIBE

UNSUBSCRIBE UNSUBSCRIBE

Jeffrey A. Jones
Constellation Energy Group, Engineering Forensics- Information Security Management
(443) 394-2959
mailto: [EMAIL PROTECTED]

Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...
There is more money to be made in the treatment of a disease, than actually finding a cure. Remind you of anything?

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Fri, 21 Sep 2007 10:37:20 -0700
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: [Dailydave] Hacking software is lame -- try medical research...

Some interesting discussion came up on some security lists this week and it got me to thinking. Yes, hacking software is lame. Cool, so you found some vulnerabilities in some widely distributed application, service, or OS and it is patched just as quickly. Why don't we spend our time and valuable energy researching cures for rare or popular diseases instead?

For instance, my brother (Jon Hermansen) has a very rare disease called Langerhans Cell Histiocytosis. It is also better known as LCH. It can be identified as causing such further diseases as Diabetes Insipidus, which is also uncommon (not sugar diabetes). Have you heard of these diseases before? Let me educate you…

General Information:
http://en.wikipedia.org/wiki/Langerhans_cell_histiocytosis
http://en.wikipedia.org/wiki/Diabetes_insipidus

Seven Part Video Series:
http://youtube.com/watch?v=KkBRqZS8nfM
http://youtube.com/watch?v=w1h6ZjxF-To
http://youtube.com/watch?v=0ojbJpERlt8
http://youtube.com/watch?v=dzUqdYofMCQ
http://youtube.com/watch?v=lNhzwNYhi0M
http://youtube.com/watch?v=nY9DDEhShcE
http://youtube.com/watch?v=5_8SEYyEZGI

And even worse than this, a friend of mine who is a PhD student in Math at Berkeley has an even rarer disease known as Gaucher's Disease. This costs $550,000 / year to treat. That's a hefty bill every year (you make that much doing security vulns?), and some insurance companies might refuse to accept you due to pre-existing conditions. So guess what, my friend does not have health insurance and has not been treated for two years. A genius might die. That's ludicrous.

http://en.wikipedia.org/wiki/Gaucher's_disease
http://youtube.com/watch?v=0nX6QM5iVaU

If we consider ourselves decent hackers, why don't we put our efforts toward helping cure this and other diseases rather than some very simple programming vulnerability? Is it because then we would have to reinvent a whole new slew of tools and re-orient/re-educate ourselves to be successful? Think about it…

-- Kristian Erik Hermansen

Dailydave mailing list
[EMAIL PROTECTED]
http://lists.immunitysec.com/mailman/listinfo/dailydave

Re: [Full-disclosure] 0day for sell
If you are new to the list, then you probably do not have shit to sell, except someone else's code you think no one else has seen.

Shirkdog ' or 1=1-- http://www.shirkdog.us

Date: Mon, 20 Aug 2007 07:09:07 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Full-disclosure] 0day for sell

Hello everybody.

I'm new in this list and I let a message because I am selling some 0day, vulnerabilities and exploits. Please let me message by mail if you are interested. I worked on linux, HP-UX and Windows, and I have some 0day exploits on these OS: local, remote, Sendmail and Apache for linux, IIS, Office for Windows, and many other vulnerabilities.

Regards,
Juergen Marester.

Re: [Full-disclosure] Month Of Hackerrats Bugs
I am looking forward to the Month of Lame White Motherfuckers --reference George Carlin

Shirkdog ' or 1=1-- http://www.shirkdog.us

From: [EMAIL PROTECTED]
To: snitches[EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Month Of Hackerrats Bugs
Date: Mon, 18 Jun 2007 01:24:25 -0400

quite a pleasure to see another well drafted composition to full disclosure. it appears we have quite a real hacker/wanker giving us some wonderful information. i hope the people you reveal had great success in working with the authorities. we should rename this to a month of heroes if you should continue. perhaps if you try hard enough you could start a month of not sucking dick but some how i doubt you could succeed in such an endeavour. enjoy hiding in the shadows with your useless commentary that no one on here gives a shit about. are you jealous that these people actually have something that you do not,,success and lives? get a bloody life you dumb shit.

--jMcD

Following suit to the month of bugs - we are pleased to announce the disclosures of cooperating snitches liars and conmen in the industry. We present our second Hackerrat with an eye opening Jericho

Jericho (Brian Martin) and his cohorts at the website Attrition were at one time mining hacker information for the FBI. They will swear they didn't and offer a barrage of verbally crafted nonsense to deter the truth about their actions, but we know better. This information or (Disinformation) comes via an earlier write up on the Hackerrat terrorist known as Mark Maiffret and eEye Security.

So how does Jericho tie into eEye anyway? Simple he does so via way of Dale Coddington aka Punkis who worked at eEye. Snitches of a feather flock together. See it worked like this, once upon a time there was #dc- stuff, no wait, some may not be ready for that. krystlia, malvu and other miscreants . Anyhow there was Brian Martin hacking the NYTimes as HFG. (don't worry Martin, I believe the US has a statute of limitations). Never to be discovered perhaps because Adam Penenburg would never disclose it, and perhaps because Martin had some decent friends like Carole Fennelly.

Why does Jericho insist he never cooperated with the feds nor disclosed any information to them. The truth is in front of most, but most care not to look at the truth. Ask yourself logically, search any search engine, Lexis Nexis, Google, find one instance of a case of federal agents raiding someone's home and walking out without a suspect. You'd have better luck getting struck by lightning. So what happened after FBI agents raided Martin's house once upon a time? Truth be told, he cooperated with authorities and provided them with log records for moronic developmentally challenged idiots who were sending him proof of their hacks.

Thinks this is propaganda? Brian Martin's information is publicly available via what is known in the United States as the Freedom of Information Act. It is highly unlikely he'd appreciate this disclosure since he would somehow have to prove everyone else except him is lying. He would have to come back with discourse on how the government is out to get him by carefully, selectively and willfully injecting disinformation into his life records. Not plausible.

So a huge greeting to the federal snitch known as Jericho and his gang of buddies at Attrition. This month's second biggest federal snitch.

http://hackerwars.blogsome.com/

Re: [Full-disclosure] Month of DoS Bugs (MODB)
How about a month of annoying project ideas?

Shirkdog ' or 1=1-- http://www.shirkdog.us

From: Kristian Hermansen [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Month of DoS Bugs (MODB)
Date: Sat, 9 Jun 2007 00:18:03 -0400

An entire month dedicated to denial of service would be quite entertaining...

-- Kristian Hermansen

Re: [Full-disclosure] Hello !
You know what, pay everyone on full-disclosure a dollar for mentioning an ActiveX bug, and we will call it even.

Shirkdog ' or 1=1-- http://www.shirkdog.us

From: [EMAIL PROTECTED]
To: ene0toue ene0toue [EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Hello !
Date: Tue, 05 Jun 2007 19:47:14 -0400

On Tue, 05 Jun 2007 16:29:43 PDT, ene0toue ene0toue said:

    Hello I Find A ZeroDay Vuln in Activex , Want to Buy ? It Null-Pointer-Defererene But If User Has No Ms06-51 , ActivX Is Exploit !

How zero day can it be if a patch released last year prevents it from working?

Re: [Full-disclosure] Month of ActiveX Bug
How about 50 years of PHP Remote File Includes? :)

Shirkdog ' or 1=1-- http://www.shirkdog.us

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] (Felix von Leitner)
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Month of ActiveX Bug
Date: Thu, 3 May 2007 20:08:57 -0400 (EDT)

    Why don't you do a month of eweek bugs. We won't limit you at all. Any bug counts. Even XSS bugs in open source perl webmail apps. Anything?

If you want xss, then I think we're talking more about the decade of xss than month :)

- Robert
http://www.cgisecurity.com/

[Full-disclosure] CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability
[Shirkdog Security Advisory SHK-004]

Title:
--
Computer Associates (CA) Brightstor Backup Mediasvr.exe Remote Code Vulnerability

Description of Application:
---
http://www3.ca.com/solutions/ProductFamily.aspx?ID=115

Brightstor ARCserv Backup provides a complete, flexible and integrated backup and recovery solution for Windows, NetWare, Linux and UNIX environments.

Vulnerability(PoC):
---
There seems to be a design error in the handling of RPC data with xdr procedures across several .dll's imported by Mediasvr.exe. Four bytes from an RPC packet are processed as a particular address (xdr_handle_t data which is run through multiple bit shifts, and reversing of bytes), and eventually loaded into ECX.

The 191 (0xbf) procedure, followed by nulls (at least 8 bytes of nulls, which may be Null Credentials and Auth?) leads to an exploitable condition.

    .text:0040AACD 008 mov ecx, [esp+8]
    .text:0040AAD1 008 mov dword_418820, esi
    .text:0040AAD7 008 push offset dword_418820
    .text:0040AADC 00C mov eax, [ecx]
    .text:0040AADE 00C call dword ptr [eax+2Ch]

At this point, you have control of ECX (esp+8 is your address data). The data from the packet is stored in memory and is relatively static (see NOTE).

The address is then loaded into EAX, and then called as EAX+2Ch, which is controllable data from the packet. In this code, I just jump ahead to the portbinding shellcode.

The following exploit opens up a shell on port : http://www.shirkdog.us/camediasvrremote.py

Impact:
--
This vulnerability leads to remote code execution.

Risk Level:
--
Critical

Solution:
CA has been notified

References:
--
[Shirkdog Security] http://www.shirkdog.us/shk-004.html

Shirkdog ' or 1=1-- http://www.shirkdog.us

Re: [Full-disclosure] firefox 2.0.0.2 crash
0x8040 through 0x9D40 Crash

But 0x9E40 does not crash (72x40512) :-)

Shirkdog ' or 1=1-- http://www.shirkdog.us

From: [EMAIL PROTECTED]
To: Tõnu Samuel [EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] firefox 2.0.0.2 crash
Date: Fri, 09 Mar 2007 16:09:21 -0500

On Fri, 09 Mar 2007 20:31:40 +0200, Tõnu Samuel said:

    http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif

Cute. The 16-bit height and width fields in the GIF are:

0x0048 = decimal 72
0x8004 = decimal whoops. ;)

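
Where the 16-bit width and height fields discussed in the thread above sit in a GIF, and how a consumer can check them before handing the file to a decoder. This is an added example, not code from the thread or from Firefox; it goes beyond the post by also walking the per-frame image descriptors. `MAX_SIDE`, `build_gif` and the other names are hypothetical, the limit is an arbitrary policy value, and the sample files are constructed.

```python
from __future__ import annotations

import struct

MAX_SIDE = 8192  # assumption: local policy limit per side, not a value from the thread


class GifError(ValueError):
    """Raised when the byte stream is not a structurally valid GIF."""


def _color_table_len(packed: int) -> int:
    # Bit 7: table present; bits 0-2: N, table holds 2^(N+1) RGB triples.
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0


def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Skip a chain of length-prefixed sub-blocks ending in a zero-length block."""
    while True:
        if pos >= len(data):
            raise GifError("truncated sub-block chain")
        size = data[pos]
        pos += 1
        if size == 0:
            return pos
        pos += size


def gif_dimensions(data: bytes) -> dict:
    """Return the logical screen size and every frame rectangle, without decoding pixels."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifError("not a GIF")
    # Logical screen descriptor: width and height are little-endian 16-bit fields.
    width, height, packed = struct.unpack_from("<HHB", data, 6)
    pos = 13 + _color_table_len(packed)
    frames = []
    while pos < len(data):
        tag = data[pos]
        if tag == 0x3B:                      # trailer
            break
        if tag == 0x21:                      # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif tag == 0x2C:                    # image descriptor
            if pos + 10 > len(data):
                raise GifError("truncated image descriptor")
            left, top, w, h, fpacked = struct.unpack_from("<HHHHB", data, pos + 1)
            frames.append((left, top, w, h))
            # Skip local color table and the LZW minimum-code-size byte.
            pos = _skip_sub_blocks(data, pos + 10 + _color_table_len(fpacked) + 1)
        else:
            raise GifError(f"unexpected block 0x{tag:02x} at offset {pos}")
    return {"screen": (width, height), "frames": frames}


def check_dimensions(data: bytes, max_side: int = MAX_SIDE) -> list[str]:
    """Return a list of policy violations; an empty list means the sizes are acceptable."""
    info = gif_dimensions(data)
    sw, sh = info["screen"]
    problems = []
    if sw == 0 or sh == 0:
        problems.append("zero-sized logical screen")
    if sw > max_side or sh > max_side:
        problems.append(f"logical screen {sw}x{sh} exceeds {max_side}")
    for i, (left, top, w, h) in enumerate(info["frames"]):
        if w > max_side or h > max_side:
            problems.append(f"frame {i} size {w}x{h} exceeds {max_side}")
        if left + w > sw or top + h > sh:
            problems.append(f"frame {i} extends outside the logical screen")
    return problems


def build_gif(width: int, height: int, frame_w: int | None = None,
              frame_h: int | None = None) -> bytes:
    """Constructed sample: header, 2-colour table, one frame stub, trailer."""
    fw = width if frame_w is None else frame_w
    fh = height if frame_h is None else frame_h
    return (b"GIF89a" + struct.pack("<HHBBB", width, height, 0x80, 0, 0)
            + bytes(6)
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, fw, fh, 0)
            + b"\x02" + b"\x02\x4c\x01" + b"\x00"
            + b"\x3b")


if __name__ == "__main__":
    for name, blob in (("72x72", build_gif(72, 72)),
                       ("72x40512", build_gif(72, 0x9E40))):
        print(name, gif_dimensions(blob)["screen"], check_dimensions(blob))
```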
Re: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX)
    Did you solve the problem? Have you been able to find out something interesting? Should I give up with this?

yes, yes, and yes.

Shirkdog ' or 1=1-- http://www.shirkdog.us

From: Gianluca Giacometti [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX)
Date: Wed, 31 Jan 2007 20:31:21 +0100

Hi,

some years later but we're having the same problem in our lab. I'm developing an administrative tool through an internal website in PHP, which runs on a linux machine. We have 150 computers and we already use some linux commands to interact with our computers through the website. Moreover I already use PSExec on my windows PCs to do all the stuff. What I would like to do is use just the website platform and for that reason I'm looking for something similar to PSExec under linux.

Did you solve the problem? Have you been able to find out something interesting? Should I give up with this?

Thank you very much in advance for any suggestion you can give me.

Best regards
Gianluca Giacometti

Dr. Gianluca Giacometti
PINECA - University of Padova
via Marzolo, 9 - 35131 Padova (Italy)
ph./fax +39 049 8275621
e-mail: [EMAIL PROTECTED]
skype: gianlucagiacometti