Re: @(#)Mordred Security Notice - exporing the hacking websites

[Sir Mordred <mordred () s-mail com>]

Hi,

> While this is amusing, I'm hoping you tell them befor eyou post these? 

Actually no. There are several reasons for this:
1) I failed to contact with some of them, so decided to share the
common behavior for all of them (i.e. dont tell)
2) This is a REAL world examples - that means you can see that the are
present, they should show the state of web app security (
you probably read enough pdf's on web app security, on sql injection ...
etc... )
If it has been fixed, who can tell that i am telling the truth about the
vulnerabilities?

Again, reading this notice and the notices 
which will be released in the near future, you may think -
damn, these guys gonna teaching me security? 
even teaching web application security? 
wait, what? they are releasing web app assesment tools and doing web app
assesment for the money? ... 
Hmm, they should run these elite tools of their websites!

> If you legally post
> this type of information knowing others will be abusing it you >might find
yourself in some legal
> trouble down the road.

Well, i know that. 
But what is better?
Let me freely to post such kind of information or see it on a 
full-disclosure from some unkown subscriber/haxor?
Or don't know that someone already using these vulnerabilities for
months and owning website?

Also i hope that the community will not use this information
for harm, only for fun maybe :-)...

Best regards,
// Sir Mordred




________________________________________________________________________
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html