Full Disclosure mailing list archives

NSRG-Security SaS Encryption cracked


From: Paul Tinsley <pdt () jackhammer org>
Date: Wed, 15 Oct 2003 01:55:10 -0500

--------------------------------------------------------------------------------
 Product:            SaS (Security Application Server)
 Vendor:             NSRG (No Secure Root Group Security Research)
                     Lorenzo Hernandez Garcia-Hierro
                     <lorenzohgh () nsrg-security com>
 Impact:             Intellectual property disclosure
 Bulletin-ID:        PT.2003.0001
--------------------------------------------------------------------------------


 Product Description (From Vendor Website):
   We are happy to announce that sas website is now ( again ) online in this
   server by accessing sas.nsrg-security.com , migrate your links to this
   server.  The portal version is the latest of phpWebSite.  We trust in
   phpWebSite , a very secure solution in this last version ( old versions are
   affected by SQL Injections , XSS attacks and PD attacks , discovered by
   Lorenzo H G-H/trulux ).

 Method of Disclosure:
   If you have the GET script installed:
     GET http://www.nsrg-security.com | lorenzo_decode.pl > outfile.html
   If you have wget:
     wget http://www.nsrg-security.com -O enc.html
     lorenzo_decode.pl < enc.html > outfile.html

 Background:
   After the veritable cornucopia of website exploits posted today on
   full-disclosure it inspired me to audit a few websites myself.  I started
   with the author of all the IMHO frivolous postings and found that he
   "encrypted" his website with something called SaS that his group wrote.
   I figured, man, this Lorenzo guy has lots of free time to pick apart
   everybody's websites, his must be top notch.  "Exploit" code is attached
   and also available at:
     http://jackhammer.org/exploits/lorenzo_decode.pl


Cheers,
Paul Tinsley

Attachment: lorenzo_decode.pl