Full Disclosure mailing list archives
Re: @(#)Mordred Security Notice - exporing the hacking websites
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Mon, 5 May 2003 19:31:10 -0700
Do not deny this man his freedom to speak his mind, especially about security flaws. The "errors" he pointed out are freely available to view, I have seen similar errors on many websites. Sir Mordred is meerly selecting from a plethora of servers that exhibit the same type of errors. Did we not just have a horrible war for FREEDOM? or did I dream of people being killed? my 2 bitz morning_wood http://exploit.wox.org ----- Original Message ----- From: "Sir Mordred" <mordred () s-mail com> To: <bugtraq () cgisecurity net> Cc: <full-disclosure () lists netsys com> Sent: Monday, May 05, 2003 5:25 PM Subject: Re: [Full-disclosure] @(#)Mordred Security Notice - exporing the hacking websites
Hi,While this is amusing, I'm hoping you tell them befor eyou post these?Actually no. There are several reasons for this: 1) I failed to contact with some of them, so decided to share the common behavior for all of them (i.e. dont tell) 2) This is a REAL world examples - that means you can see that the are present, they should show the state of web app security ( you probably read enough pdf's on web app security, on sql injection ... etc... ) If it has been fixed, who can tell that i am telling the truth about the vulnerabilities? Again, reading this notice and the notices which will be released in the near future, you may think - damn, these guys gonna teaching me security? even teaching web application security? wait, what? they are releasing web app assesment tools and doing web app assesment for the money? ... Hmm, they should run these elite tools of their websites!If you legally post this type of information knowing others will be abusing it you >might
find
yourself in some legaltrouble down the road.Well, i know that. But what is better? Let me freely to post such kind of information or see it on a full-disclosure from some unkown subscriber/haxor? Or don't know that someone already using these vulnerabilities for months and owning website? Also i hope that the community will not use this information for harm, only for fun maybe :-)... Best regards, // Sir Mordred ________________________________________________________________________ This letter has been delivered unencrypted. We'd like to remind you that the full protection of e-mail correspondence is provided by S-mail encryption mechanisms if only both, Sender and Recipient use S-mail. Register at S-mail.com: http://www.s-mail.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- @(#)Mordred Security Notice - exporing the hacking websites Sir Mordred (May 05)
- <Possible follow-ups>
- Re: @(#)Mordred Security Notice - exporing the hacking websites Sir Mordred (May 05)
- Re: @(#)Mordred Security Notice - exporing the hacking websites morning_wood (May 05)
- Re: @(#)Mordred Security Notice - exporing the hacking websites Shawn McMahon (May 06)
- Re: @(#)Mordred Security Notice - exporing the hacking websites morning_wood (May 06)
- Re[2]: @(#)Mordred Security Notice - exporing the hacking websites e-smile (May 06)
- Re: @(#)Mordred Security Notice - exporing the hacking websites morning_wood (May 05)
- RE: @(#)Mordred Security Notice - exporing the hacking websites Schmehl, Paul L (May 06)
- RE: @(#)Mordred Security Notice - exporing the hacking websites petard (May 07)
- RE: @(#)Mordred Security Notice - exporing the hacking websites Schmehl, Paul L (May 07)