Full Disclosure mailing list archives
Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!
From: Rudolf Polzer <divzero () gmail com>
Date: Sat, 3 Jul 2004 18:19:59 +0200
On Sat, 3 Jul 2004 06:40:55 +0200, Frog M@n <frogman () bonbon net> wrote:
This is IHCTEAM material. We fuck blackhats and we own the planet. This is a leet advisory, s0 l33t. Just read it and be quiet.
Not at all. But it's always good to mention the Nr. 1 security nightmare people produce with scripting language. Good job.
There is a BIGBUG in all php versions, in the include() function. If this function is badly used, a roxor hax0r (like us) can compromise a box remotely. He can execute commands with apache rights.
If it's badly used, the author of the script should get another job.
index.php: ... include($page); // <--- fucking lame ...
Just because many PHP programmers are fucking idiots you cannot blame that on PHP.
<? system("$cmd"); ?>
So your next advisory will be about a BIGBUG in system() - when badly used, an attacker can execute arbitrary code on your webserver? We all already know that. Really.
Don't use the include() function, it is coded by idiots, like THEO@openbsd.
No. Do not use the include() function with unchecked untrusted input, for it will do what the documentation says.
We owned everything and everywhere with this exploit: www.apache.org www.debian.org www.nasa.gov
If that is true (proof?), it should appear in the news soon.
WE ARE LOOKING FOR A JOB IN THE SECURITY RESEARCH
lol, after THIS el-cheapo "security advisory"? Get a life. Find a real bug. -- < polzer> besonders krank ist jedoch Kenny nach einer Basistransformation... < polzer> Zcssczcssszszsz cscccczzzzzz zcszzc ccczsczcs. < polzer> (ROT13)^{-1} Kenny ROT13 < polzer> .oO( fpbecker sucht das inverse Programm zu ROT13 ) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!! Frog M@n (Jul 03)
- Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!! m.esco (Jul 03)
- Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!! Duncan Hill (Jul 03)
- Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!! Maarten (Jul 03)
- Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!! Rudolf Polzer (Jul 03)
- Re: [FD] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!! Thomas Binder (Jul 05)
- Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!! Maarten (Jul 03)
- Message not available
- Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!! Rudolf Polzer (Jul 03)
- Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!! nicolas vigier (Jul 04)