Hi,
Just curious if any one has any idea of the motivation behind the constant DDoS
against Gamerfirst game servers
Yes I am a saddo that likes to play Fallen Earth.
Dave
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk
that IS_BLACKLISTED_REG_OFFSET
in all files recursively (* -R -l) - nothing found. maybe it's for nouveau
driver?
No I think they added this in response to a previous security issue,
but i don't have an installed nvidia driver near me now to see exactly
what needs changing.
Dave
post it for them.
It basically abuses the fact that the /dev/nvidia0 device accept
changes to the VGA window and moves the window around until it can
read/write to somewhere useful in physical RAM, then it just does an
priv escalation by writing directly to kernel memory.
Dave.
/* Anonymous
Thor,
u're has always has given lessons too others in long so boring messages. Big
ego, has not that smart after all.
Please has us let peace: has you shut up.___
Full-Disclosure - We believe in it.
Charter:
, what they has done is good or bad.
Has given lesson but has take it: has a look at u in mirror then at ur shit
then has a think again.
From: Thor (Hammer of God) t...@hammerofgod.com
To: NETT Dave nett.d...@yahoo.com; full-disclosure@lists.grok.org.uk
full
is not play by dox games
On Wed, Jul 11, 2012 at 12:00 PM, NETT Dave nett.d...@yahoo.com wrote:
Same has to you: fake ouzbek or real yankee? In regard of you degenerate I
bet yankee.
Choose which has to be and stick language. You understand?
From: Григорий
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
Roller 4.0.0 to Roller 4.0.1
Roller 5.0
The unsupported Roller 3.1 release is also affected
Description:
HTTP POST interfaces in the Roller admin/editor console were not
protected from CSRF attacks. This issue has
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
Roller 4.0.0 to Roller 4.0.1
Roller 5.0
The unsupported Roller 3.1 release is also affected
Description:
Roller trusts bloggers to post HTML and JavaScript code in the weblog
and for some sites this can be a problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Whilst I agree with the general consensus regarding sustenance and trolls
Double standards are commonplace amongst governments (regardless of nation).
Please be aware I am always right no matter how wrong I may appear to be to
your deluded
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/04/2012 17:43, valdis.kletni...@vt.edu wrote:
On Mon, 09 Apr 2012 12:06:24 -0400, Travis Biehn said:
'Clear purpose for committing any of the offenses' is usually easy to prove.
Say I'm heading to Munich for a pen-testing gig, complete
, proper coders and hackers, people with
genuine skills (myself not included).
Can you imagine how they see your publication?
Regards
Dave
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBT39ts7Ivn8UFHWSmAQLC2wgAny
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/04/2012 04:26, Sebastian Rakowski wrote:
On 02/04/2012 7:28 AM, Dave wrote:
p.s. Word of advice, if you did pay for this with you own
credit/debit card... Cancel the card now.
If he paid for it with his own CC, he probably would have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 30/03/2012 14:53, smith joseph wrote:
LEORAT.COM is SCAM | LEOIMPACT.COM is SCAM | LEORAT.COM is SCAM
Yes. . I bought this RAT software from him. He claims that he is having is
own RAT but they all are freeware.
1. Darkcomet
2.Xtream Rat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 30/03/2012 14:53, smith joseph wrote:
LEORAT.COM is SCAM | LEOIMPACT.COM is SCAM | LEORAT.COM is SCAM
Yes. . I bought this RAT software from him. He claims that he is having is
own RAT but they all are freeware.
1. Darkcomet
2.Xtream Rat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 26/03/2012 15:36, valdis.kletni...@vt.edu wrote:
On Mon, 26 Mar 2012 09:28:38 -0500, Adam Behnke said:
Mexican drug trafficking organizations are increasingly demonstrating a
desire to make money from cyber-crime, attracted by the high profits
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 24/03/2012 05:44, valdis.kletni...@vt.edu wrote:
On Sat, 24 Mar 2012 00:52:45 -, Dave said:
I am not an expert so please, for my education, correct me if I am wrong.
Is it not so much the request, but what the request is made with?
It's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 24/03/2012 15:53, valdis.kletni...@vt.edu wrote:
On Sat, 24 Mar 2012 10:26:48 -, Dave said:
Doesn't the the -e, robots=off, --page-requisites and -H wget directives
enable
one to collect all the necessary files that are called from
with was the Saddam virus on my Amiga.
Now in my smugness, I expect I will be handed my ass later
que sera sera
QR tags (matrix barcode) now there's some fun waiting to happen ;-)
Dave
On 23/03/2012 20:41, Gary Baribault wrote:
I find it very unfortunate that 300 supposed security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 24/03/2012 00:39, valdis.kletni...@vt.edu wrote:
On Fri, 23 Mar 2012 22:34:38 -, Dave said:
ii) Paranoia is healthy. If one runs a computer most people ARE out to get
you.
A tad extreme, perhaps. There *are* 7 billion people
the request is made with?
Would not requesting with wget mitigate any attack?
The source of the page and any scripts called by the page should be enough to
ascertain whether the page is malicious or not.
Dave
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG
Your ISP probably has their users are on different networks than their
servers. Sounds like maybe they meant the switch you are on, not the
servers switch. Need to troubleshoot, use a smart phone or some other OOB
capable device to test access to the ISP servers. If you can access OOB,
then
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anonymity is like entropy as described by the second law of thermodynamics.
There is only one way to be anonymous, anything else is an increase in entropy.
to thOn 09/03/2012 05:25, Kyle Creyts wrote:
Zealots will be zealots.
On Mar 8, 2012 5:02
regards
Dave
On 30/01/2012 13:35, Jerry dePriest wrote:
http://www.sans.org/security-resources/idfaq/honeypot3.php
good paper on how to build your own and some links to commercial products.
Sorry for the pooh add em. Still recovering from open heart surgery and the
meds get to me
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25/01/2012 20:16, adam wrote:
If we cared, we'd visit that site of our own volition. Secondly, even if we
were interested: most of the people on these lists are intelligent enough
not to click on links from spammers. Third, even if the content
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/01/2012 23:32, valdis.kletni...@vt.edu wrote:
On Sat, 07 Jan 2012 17:03:09 CST, Laurelai said:
Perhaps these companies should try to hire the kids owning them instead
of crying to the feds.
Most of the kids are skript kiddies, and don't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/01/2012 13:43, ebhakt wrote:
Hii guys,
I want to know the logic behind creating a captcha image
I know how the servers are designed and what the captcha security does!!
but how the captcha imagae is generated that's my main question !!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2011 17:40, Charles Morris wrote:
I'm curious what everyone's opinion is on the following question... esp. to
any FF dev people on list:
Do you think that the Firefox warning: unresponsive script is meant as a
security feature or a
with
javascript enabled.
Thanks for your insights and the education
Dave
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBTuPrVrIvn8UFHWSmAQJcJAgAqtAh+2LMzLOefwX31DZRNtoMgjWRt2yc
5CxN6uhnli97D9qJWDYOBYWJhO0/IV9zxmdVdQ5Pt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/12/2011 20:31, Marsh Ray wrote:
On 12/08/2011 12:37 AM, Michal Zalewski wrote:
For time being, if you make security decisions based on onmouseover
tooltips, link text, or anything along these lines, and do not examine
the address bar of the
as it is.
Dave
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBTuCEubIvn8UFHWSmAQKN2wgAjMe2BOEo2sSetsfhnEGBGzTjtaW9RYsq
eXyYVHOp8gkt9xkvoob4sjK1LV5zuM43qaP2s3TGcQrsx1A3Aqho+C1NuHP70y2f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/12/2011 19:15, security+li...@internecto.net wrote:
Java updates bundle McAfee crap
Adobe updates bundle toolbars
Heck, even FoxIT Reader bundles Ask toolbar.
As an aside - Reading the name 'FoxIT reader' and can't help but wonder
- does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/12/2011 10:02, Olga Głowala wrote:
New issue of PenTest StarterKit is out!
23 pages of free content, feat. Gabriel Marcos - When computer Attacks
The link to download is below:
2011 07:45, Dave m...@propergander.org.uk wrote:
On 07/12/2011 10:02, Olga Głowala wrote:
New issue of PenTest StarterKit is out!
23 pages of free content, feat. Gabriel Marcos - When computer Attacks
The link to download is below:
http://pentestmag.com/pentest-starterkit-211-2/http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/12/2011 10:44, Lucio Crusca wrote:
Hello *,
I'm not new here, but I've mostly lurked all the time through gmane. I never
believed it could happen to me until it actually happened: they compromized
one of my servers. It's a Ubuntu 10.04
years old now battery is
getting a little tired.
Take care... watch ya back
Dave
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBTtwBYrIvn8UFHWSmAQJQ6gf7BCN+uFWDuMcZ0tVnBTpg0KekAUsG9v+g
cqCCrWr5m5GbTU91
On 23 November 2011 21:37, char...@funkymunkey.com wrote:
If you can't, maybe you can name other, more secure Linux distro in
which your 10 ways do not work.
OpenBSD? :P
What a great choice for a secure linux distribution ;)
___
Full-Disclosure -
questions, I am far to busy to
research this at this time so I ask these questions in the hope
than an Ubuntu Guru comes forth and either allays all my/your/our fears(if they
exist) or scares me/us into action.
regards
Dave
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using
On 13 November 2011 04:27, Darren Martyn
d.martyn.fulldisclos...@gmail.com wrote:
Off topic (kinda) but with all this talk on SCAPY, has anyone a good
reference on using it IN a python script for crafting/reading packets? Me
and a friend wanted to write a python version of Ettercap/dsniff using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2011 11:45, Dan Rosenberg wrote:
On Wed, Nov 9, 2011 at 6:25 AM, Darren Martyn
d.martyn.fulldisclos...@gmail.com wrote:
Balls, I forgot to add this to the last message, but has anyone examined the
patch yet? I can only imagine it would be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think they need a better way to sift the wheat from the chaff.
Numbers can be magic and eight bytes is enough of a taste to tell honey from
vinegar.
Nice find
Dave
On 28/10/2011 18:56, Pablo Ximenes wrote:
I see. I have seen this kinda
On 26 October 2011 10:40, Michal Zalewski lcam...@coredump.cx wrote:
I think someone fed bugtraq archives into scigen.
I thought we're doing Twilight fanfic instead?
/mz
I hate that thing : (/me unsubscribes).
___
Full-Disclosure - We believe in
On 22 October 2011 15:39, Michal Zalewski lcam...@coredump.cx wrote:
In any case, the *right* answer isn't to play whack-a-mole fixing /tmp races,
what you should be doing is using pam_namespace or similar so each user gets
their own /tmp namespace.
That would result in counterintuitive
On 15 October 2011 14:11, Thor (Hammer of God) t...@hammerofgod.com wrote:
Haven't we made it to the point where top posting is OK? I mean, it works
from a Ped Xing standpoint, why not here? It is REALLY that bad?
I thought this was a security mailing list not an exercise in how not
to do it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
That's a bold statement, the confidence in knowing the minds of others.
I think the majority of the populace of this planet do have a social conscience
and would feel guilt if the riches they amassed had come about
as a result of another persons
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/10/2011 15:01, Christian Sciberras wrote:
Yeah Darren, wish we all could get off like that $1M guy, screwing off
hardworking people while doing nothing.
That'd be the life.
Wonder what's stopping us all from doing it?
A social
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/10/2011 23:52, xD 0x41 wrote:
I will say, with Botnets, and bots in general, i dont see much talented
people on FD...
It might just be a case of those with the least talent making the most noise,
whilst the really talented remain pretty
colour, sex or facing the same way when they pray.
Dave
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBTo3wibIvn8UFHWSmAQKZ7wgAtLx6Qx7sTeibyR8g0/oYhoMrbDMSuM9Y
DXmrZmqk/+mMyDgPMC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/10/2011 11:39, Jacqui Caren-home wrote:
On 02/10/2011 18:38, Stefan Jon Silverman wrote:
oy, list newbie meets n3td3v -- this should be fun
Just looked at this site. Shudder.
FYI: this is PART of one sentence!
This site should be
On 4 October 2011 02:36, Dan Dart dand...@googlemail.com wrote:
You need to be root to use raw sockets - yeah... I do...
Of course you do!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
On 28 September 2011 01:00, Mario Vilas mvi...@gmail.com wrote:
On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky d...@doxpara.com wrote:
Ok, now nobody can spoof a URL, but how come a user will tell good
URLs and bad ones apart? Oh boy!
Wherever did you get the idea that users can do this?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/08/2011 10:06, Ivan c wrote:
An Apple spokesperson told iTnews that it would continue to protect its
design patents. This kind of blatant copying is wrong, and we need
to protect Apple's intellectual property when companies steal our ideas.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thought I would share my response from plusserver regarding usage of
their systems for illegal marketing activities and sales scam.
Thanks for the advice, Jacqui.
regards
D
- Original Message
From: - Fri Jul 22 08:43:39
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OK This is not new, but it happened to me just an hour ago.
A stranger on the end of a phone call tells you your PC is infected, and you
should download and install a RC server so it can be fixed.
I just been through this and installed Ammyy admin
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Andy McKnight
Sent: Wednesday, July 20, 2011 7:26 AM
To: Dave
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Phone Scam
A stranger
Vendor response: This isn't an issue.
Problem: the cherokee server admin configuration web interface is
vulnerable to csrf.
Impact: if an admin is logged into the cherokee admin interface and
visits a site which runs bad tm scripts cherokee can be reconfigured
to run as $user and set log
Hi,
I've tested this behaviour using both - gnutls and openssl - and it seems
like the only difference is that there is an error printed using openssl:
Certificate host check failed: certificate owner does not match hostname
imap.myhost.web.
In both cases a user can accept the certificate,
On 9 March 2011 16:41, Tim tim-secur...@sentinelchicken.org wrote:
As port 587 is for port for TLS/STARTTLS and port 465 is for ssl if I
am not mistaken.
Please do point out if I have gotten this completely incorrect.
Nope, you're right, it looks like I got the two mixed up.
Good catch on
On 8 March 2011 19:00, Joachim Schipper joac...@joachimschipper.nl wrote:
On Tue, Mar 08, 2011 at 12:36:01PM +1100, dave b wrote:
Hi all. It seems that mutt fails to check the validity of a SMTP
servers certificate during a TLS connection. In my mutt configuration
I have
set ssl_starttls
Actually it doesn't seem like switching the configuration 'fixes' the issue.
If I have
set smtp_url = smtps://tes...@lola.com
set ssl_starttls = yes
set ssl_force_tls = yes
It _still_ connects to the 'incorrect server' fine(I expect it to
connect to lola.com and it connects to gmail's smtp
Instead of telling me what configurations to use why don't you test
them out and tell me what happens?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Um. Sorry, but I didn't want to be sent 100 different configurations
to test when perhaps someone knows about a configuration which is
'correct'.
So my test case as you pointed out did contain an error.
Here are the test case(s) I think you wanted me to run.
1. a muttrc with just
set smtp_url =
I should add that mutt hanging on the
set smtp_url = smtps://tes...@lola.com:587
configuration is what I would expect to happen.
As port 587 is for port for TLS/STARTTLS and port 465 is for ssl if I
am not mistaken.
Please do point out if I have gotten this completely incorrect.
Hi all. It seems that mutt fails to check the validity of a SMTP
servers certificate during a TLS connection. In my mutt configuration
I have
set ssl_starttls = yes
set ssl_force_tls = yes
However, after performing the steps below I found that mutt did not
properly validate the remote servers
Marsh, the thing is that the ssl module was only introduced in python 2.6. [0]
There has been other options for a _long_ time. As an example, (for
https traffic) pycurl. So python developers can and do use public wifi
without problems. Only the ones who do not read warning messages are
at risk.
experience. Honestly, which one of these tools
is Jacob, and which one is Edward? Cause I know which team I'm on! :
-dave
On Sat, Jan 15, 2011 at 1:27 PM, Nelson Brito nbr...@sekure.org wrote:
There we go, again. But that will be my last message on this thread.
Despite some of my fellows have
Good morning. I think for most people on this list, the PJL RDYMSG
printer display message prank would not be new.
However, what is amusing is that some lexmark (and dell) printers
display the actual text on the printer display in their web interface
without escaping it. This can be used to xss
Has you a happy new year too. But has shut up please.
And has study English for 2011.
--- On Sat, 1/1/11, Григорий Братислава musntl...@gmail.com wrote:
From: Григорий Братислава musntl...@gmail.com
Subject: [Full-disclosure] Is Security Disclosure
To: full-disclosure@lists.grok.org.uk
Date:
Who has the f*ck you be?
You has here on a OpenBSD mailing list, what has this shit to do here?
I has not understand a word to what you has said. Everyone has to pay the price
for what he has done.
Has you be a too little no one to disturb Dave Nett with yours crimes.
--- On Sat, 1/1/11, Andrew
Has be warned once again from Dave Nett:
http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/010_cbc.patch
CBC is a holed block ciphered method that has easy secret cracking, ideal for
the FBI. How can one has trust in Theo's OS?
You - 90% of subscribers are THeo zealots - has to reconsider
of the world.
Anyway Dave Nett has not be portuguese and has not to care about language to
address such a you because you has be nothing.
You has the real homosexual troll wainting for trolling answers.
Dave Nett laugh hitting his ass on the floor thinking about the giant you be.
You has suck at cracking
Look how he has racist! hackers from there will has appreciation of it and will
f** you off.
He also unable to understand the meaning of BSd so FreeBSD and OpenBSD
backdoored the same (anyway most of the code has be copied from FreeBSD to
OpenBSD, OpenBSD has just changing the security default
Has I not troll has you insult me. Has I am very disapointed now.
Has I liked you but know that love and hate has the same kind.
I can has see that you has blood of traitor. You has ennemy of Dave Nett now.
You has must no live, has you joke but come truth.
Hey Dave Nett has published real code
Has I me laugh of you Linux zealots always has irony to defend your
indefendable situation.
--- On Mon, 12/27/10, Matt ~ aer...@gmail.com wrote:
From: Matt ~ aer...@gmail.com
Subject: Re: [Full-disclosure] LINUX has backdoored too
To: Dave Nett dave.n...@yahoo.com
Date: Monday, December 27
Has musntlive high respect from Dave Nett has I to agree with most of your
views.
Has I think too that Mr Gibson's TCP/IP will has probably take over IPv4 and
IPv6 both at a time.
Has I think too the big one is for this year in terms of DNS.
Time for true security guys to come back to here
Has I Jerome fake hacker whose not rexpect and threaten in law.
Has he not respect female. Has he not respect freedom of internet. Has he not
man.
Has how it become hack conference if such pity. Shame.
What has you do really?
Has I very very anger, has be warned.
--- On Fri, 12/17/10, Dave Nett
/ proc/ sbin/
srv/ tmp/ var/ vmlinuz.old@
$ cat /proc/cpuinfo | grep vendor
vendor_id : GenuineIntel
vendor_id : GenuineIntel
Has I good guy for now so not show more, but all of you has to respect Dave or
big problem later.
--- On Mon, 12/27/10, coderman coder...@gmail.com wrote
Hello full disclosers,
I has sad to officialy announce the end of Dave Nett soon.
It has time for Dave to mutate again for its security.
Tons of things revealed but never same name, that is the life of Dave.
Dave will has come back with new identity, new face and lexical masquerading.
Dave
http://www.exploit-db.com/papers/15823/
The end of an erra for Dave Nett. OpenBSD is not only the one backdoored system.
Linux (Lame Inoperative Neo UniX) has certainly hidden backdoors has was used
by the happy ninjas, a notarious pro-government hack group.
Has you see has all system be Linux
.
The impact of 0-day has huge has many coders and users contaminated. Though
cleaning up has easy.
If has the CD pleaze throw it as soon as can, turn off the light and watch at a
Walker Texas Ranger episode to refresh your mind.
Has be warned and has a merry christmass,
Dave Nett
You has not know what theses guys are able to do.
There are very very dangerous. Be warned by me Dave.
So you hasn't want to open the doors to your system to these men.
Anyway here has the way to always use OpenBSD (from a long time ago to me)
within 10 rules :
0x01 standalone test machine
http://marc.info/?l=openbsd-techm=129296046123471w=2
Long mail which just admit has backdoor, poor Theo.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Everyone loves wikia, so here have an xss against their site(s).
http://www.wikia.com/index.php?title=Special:Signuptype=loginaction=submitloginreturnto=Fal%22%3Cscript%3Ealert%28%27fail%27%29;%3C/script%3Elout_Wiki
--
The lunatic, the lover, and the poet,Are of imagination all
compact...
Good morning, you can xss freenas stable (0.7.2.5543)
like this
http://192.168.0.1/quixplorer/index.php?action=listorder=namesrt=yeslang=en%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
or this ...
Good morning again! -- openfiler xss:
https://192.168.0.2:446/admin/system.html?step=2device=et%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3Ebh0
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
So it turns out I totally ignored the stok parameter in nearly every
url - once a user is logged in (easy to miss uh? :P) - which offers
some protection against csrf attacks.
However, if the user decides to log in(as they will meet a login page)
anyway to a url like(from my original email):
Musnt live L.T.,
I has to come there to reveal what OpenBSD really stands for.
It has be very ironically :
OpenBSD = Open Backdoored Software Distribution
I used to work the a secret agency and I has to tell that that is really the
kindles of hint they like to leave behind.
However if I
Deer List,
Everything has in the title. I has to be a secret agent in the past so I know
the project code.
Use with awarenes.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
jerome.ath...@ja-psi.fr
Subject: Re: [Full-disclosure] OpenBSD has OpenBackdouredSoftwareDistribution
To: Dave Nett dave.n...@yahoo.com
Cc: full-disclosure@lists.grok.org.uk
Date: Friday, December 17, 2010, 10:32 AM
I hope, dear, that the code is better than your english.
Le 17/12/2010 08:26, Dave
. Though
don'tk know if in actual code.
--- On Fri, 12/17/10, Thiago Silva dead...@archlinux.com.br wrote:
From: Thiago Silva dead...@archlinux.com.br
Subject: Re: [Full-disclosure] OpenBSD has OpenBackdouredSoftwareDistribution
To: Dave Nett dave.n...@yahoo.com
Date: Friday, December 17, 2010, 11:49 AM
Thank you man.
However has you to has know that the acronym means Open Backdoored Software
Distribution.
Chairs.
--- On Fri, 12/17/10, Григорий Братислава musntl...@gmail.com wrote:
From: Григорий Братислава musntl...@gmail.com
Subject: [Full-disclosure] OpenIBDS (OpenBSD is Backdoor Detection
I can tell you that it is not only possible, but done.
OpenBSD is not the only affected OS. Linux also does contain vulnerabilities,
as well as virtually all OS we know - as this is why there are allowed and why
we can actually use them.
--- On Thu, 12/16/10, Abuse007 abuse...@gmail.com wrote:
I hate it when some one beats me to a bug report.
https://addons.mozilla.org/en-US/firefox/user/5578717/ (this example
will only work against firefox).
The xss occurs due to no filtering / escaping the display name attribute for a
user.
___
Have a wonderful rest of the week!
You too!
You guys are awesome and fix things wy to fast.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Hi you can xss pmwiki like this:
http://dtcsupport.gplhost.com/Main/WikiSandbox?from=%22/%3E%3Cbody%20onload=alert%281%29%3E
Also the above it seems to behave differently across versions of pmwiki.
If it doesn't work ...html injection like this should:
I ran it and my computer turned into a mudkip. I took a picture which
I have uploaded at [0]
I didn't read the instructions was I supposed to?
[0] -
http://www.aspectofthehare.net/wp-content/uploads/2009/07/MudkipComputerGame.png
___
Full-Disclosure
On 3 December 2010 08:11, Cal Leeming [Simplicity Media Ltd]
cal.leem...@simplicitymedialtd.co.uk wrote:
Is this a joke? :|
No I am 12 and what is this !
___
Full-Disclosure - We believe in it.
Charter:
Bugtraq rejected my email so I am sending it to full disclosure instead...
-- Forwarded message --
From: dave b db.pub.m...@gmail.com
Date: 29 November 2010 22:54
Subject: NoScript (2.0.5.1 less ) - Bypass Reflective XSS through
Union SQL Poisoning Trick (SQLXSSI)
To: bugt
Just when you thought it couldn't get worse...
http://bugs.python.org/issue3596
http://bugs.python.org/issue4870
So now the programmer still needs to say OH disable sslv2 (or doesn't
select sslv2) but by default it will be enabled.
The python doc says this:
ssl.PROTOCOL_SSLv23
Selects SSL
The openwrt 10.03 webinterface seems to have no protection against csrf...
In addition, the following xss can be used against the webinterface:
1. (nearly any page) e.g.
http://192.168.0.1/cgi-bin/luci/;stok=d/admin/network/network//scriptalert(1);/script
2. the query for packages e.g.
Those who cannot learn from history are doomed to repeat it. -
George Santayana
http://cvstrac.pfsense.org/chngview?cn=20994
Comment: Make scripts XSS input safe.
Date: 2008-Feb-11 23:33:24 (local) 2008-Feb-12 04:33:24 (UTC)
So in 2010, pfsense 2 beta 4:
...
xss - pkg_edit.php
1 - 100 of 337 matches
Mail list logo