disclosure aspect entirely).
Seriously, I might join in on that conversation, even though it is
completely off-topic.
- kefka
n3td3v wrote:
Stop emailing me in private you bunch of stalker, weirdos.
-- Forwarded message --
From: kefka [EMAIL PROTECTED]
Date: Wed, Oct 1, 2008 at 10
From the fucking article itself: Brenner said, the best course of
action is to tighten up one's own networks rather than to place blame.
There's nothing wrong with pdp architect.
Mind your business.
phioust wrote:
http://www.cnn.com/2007/US/10/19/cyber.threats/index.html
Our water and
As far as soldiers are concerned, at least there are some people in this
world that realize certain things are worth more than their pathetic
lives. Star researcher at IBM or not, doesn't matter, your life is
pathetic and lacking real meaning. So, regardless, terrorist or
run-of-the-mill
Fixed.
--
kefka wrote:
https://www.worldofwarcraft.com/login/login?service=http://kefkahacks.net/
User will be redirected once they login.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure
It's the same joke at work, most of us do not like Microsoft security
but it keeps us employed (despite their efforts to taint the industry).
---
Mike Vasquez wrote:
I think it was more as a statement regarding the maturity of security
tools on each platform. For instance,
Blizzard.com fails to properly sanitize user-supplied input resulting in
information disclosure:
http://www.blizzard.com/wow/ssotd/screenshot.aspx?imageindex=1027Set=%00
Note the fact that their webroot is on the C: partition.
C:\web\blizzard.com\wow\ssotd\screenshot.aspx
*Version Information:*
If you want to run old code that relies on register_globals temporarily,
make sure you use one of the non-overwriting extract_type values such as
EXTR_SKIP and be aware that you should extract in the same order that's
defined in variables_order within the php.ini
-
eqDKP 1.3.2d and prior
Depends on your definition of secure.
phpninja wrote:
Also I guess if every company paid for exploits you guys would be out
of a job (most everything would be secure).. I didn't think of that..
On 6/25/07, *Troy* [EMAIL PROTECTED] wrote:
On 6/25/07, *
eqDKP 1.3.2c and prior 'compare' variable reveals the full path because
eqdkp fails to properly sanitize user-supplied input
Example: /path-to-eqdkp/listmembers.php?compare=%00
Seems fixed or doesn't work in Firefox 1.5.0.11
---
MC Iglo wrote:
http://thumbnails.alexa.com/update_thumbnail?url=%3Cscript%3Ealert(%22alexa%20sucks%22)%3C/script%3E
is there more to say?
newtheme variable only expects sane behavior, no argument or an
argument with any special character, etc.. will cause it to error and
display the full path to $pathtohlstats/includes/smarty/Smarty.class.php
$pathtohlstats/server.php?newcss=styles.cssnewtheme=%00
Ex: Warning: Smarty error:
Correction: it should be
$pathto*psycho*stats/server.php?newcss=styles.cssnewtheme=%00
and $pathto*psycho*stats/includes/smarty/Smarty.class.php
Took a passing glance at hlstats a few nights prior.
I can provide more excuses upon request.
newtheme variable only expects sane behavior, no
In listmembers.php, $show fails to properly sanitize user-supplied input.
It's non persistent XSS :-/
Example:
$path-to-eqdkp/listmembers.php?show=%22%3E%3Cplaintext%3E
kefka
kefka [at] kevinbeardsucks.com
*cough* not just listmembers.php but everywhere $show is used..
anyway..it's dumb but it's there.
kefka wrote:
In listmembers.php, $show fails to properly sanitize user-supplied input.
It's non persistent XSS :-/
Example:
$path-to-eqdkp/listmembers.php?show=%22%3E%3Cplaintext%3E
kefka
Exactly, isn't a 10k-strong botnet, kind of the average?
And tons of those children are using old-old-*OLD* worm/bots/whatever
you want to call them.
Anyway, since you're probably just talking about a large imaginary
number, I'd say linux hosts for raw processing power (since, if it's an
AMD
Why do you hate progress?
The ones who remove freedoms, they are the ones who really hate freedom.
List: Sorry for feeding the troll.
---
n3td3v wrote:
[headline dork reference]
The latest scandal in infosec:
[descriptive dork reference]
We were never sure what defines cyber
Process Guard and other similar applications can do this for you. You're
trying to keep some anti-cheat engine from scanning your cheats, correct?
-
Mark Baker wrote:
I am trying to find a rootkit to hide processes and DLLs from World of
Warcraft but can't find where to
Cross-site Scripting Vulnerability in HLStats 1.34
hlstats.php?mode=searchgame=cstrikest=playerq=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E%22
Search module fails to sanitize quotes.
kefka
[EMAIL PROTECTED]
Thanks to RSnake