Full Disclosure mailing list archives

Re: ExploitLabs - URGENT 0day Alert!!

From: "Roy S. Rapoport" <full-disclosure () ols inorganic org>
Date: Mon, 16 Jun 2003 21:38:45 -0700

On Tue, Jun 17, 2003 at 03:31:25AM +0000, Donnie Weiner wrote:

------------------------------------------------------------------
EXPL-NOTHCKR-A1-31337-2003-00010 exploitlabs.com Advisory 00000010
------------------------------------------------------------------
                -= How To Make A mIRC Bot =-

[...]

Just to make sure I undersand:

You're claiming there's a vulnerability because a tutorial uses a random
given token, and so an 'attacker' could exploit the stupidity of a user
by using that token and waiting for the user to enter the command,
unmodified, using the default token?  And that this is a problem with
the software? And that this is an URGENT issue?

-roy
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

ExploitLabs - URGENT 0day Alert!! Donnie Weiner (Jun 16)
- Re: ExploitLabs - URGENT 0day Alert!! Roy S. Rapoport (Jun 16)
  - Re: ExploitLabs - URGENT 0day Alert!! Szilveszter Adam (Jun 16)
- Re: ExploitLabs - URGENT 0day Alert!! w g (Jun 16)
- <Possible follow-ups>
- RE: ExploitLabs - URGENT 0day Alert!! Henry, Christopher (Jun 17)
  - Re: ExploitLabs - URGENT 0day Alert!! (Fake Wood) KF (Jun 17)