Full Disclosure mailing list archives
Fw: ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT !
From: "Frog Man" <leseulfrog () hotmail com>
Date: Tue, 06 Jul 2004 18:39:52 +0200
This "advisory" was of course not written by me, it's a fake. Bye Germain Randaxhe aka frog-m@n
----- Original Message ----- From: <frogman () no-log org> To: <full-disclosure () lists netsys com> Sent: Monday, July 05, 2004 9:20 PM Subject: [Full-disclosure] ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT !> This is IHCTEAM material. We fuck blackhats and we own the planet. This is> a leet advisory, s0 l33t. Just read it and be quiet. > > --------------------------- >> IHC TEAM private work, all the fame become to IHC TEAM and the leetest mr.> Frog-m@n !!!! > > Product: PHP > Version: all > Security level: Very high baby !!! > > > What's the problem ? > ================== >> There is a BIG 1337 BUG 0day in all the php versions for ever never. This> bug is caused by > the system() function. This is a very VERY 3v1l backdoor, that allows > execution of> arbitrary shell command. This backdoor has been coded by ZyXyS from HACK3R> c0rp0r4ti0n (c) (TM) (R). > > Because we want fame, we'll explain you da bug: > l00k at th1s 3v1l code: > > <? > system("$cmd"); > ?> > > *TADAAAA* ! > > > If this code is on a webserver, a malicious user (like ZyXyS) can exec > EVERYTHING and own EVERYWHERE. > Example: > www.thc-is-lame.org/page.php?cmd=ls%20/tmp > > It will give you: > > tmp-shells-owned-with-THC-Hydra-fucking-lame-kiddy-tool.txt > adore.tar.gz > last-10-leaked-exploits.tar.gz > > > You see, you can rock.> So, at this point we can see that ZyXyS is a very leet guy: THIS BACKDOOR> is less detectable than > a LKM BACKDOOR like adore.tar.gz (<--- hahaha). > > I release this vulnerability because the K-otik team (www.k-otik.com) > owned ZyXyS 10 days ago> (after the fbi) and discovered the backdoor, and k-otik wanted to write an> advisory, ONLY FOR FAME > AND MONEY. I want this fame (but for the money, I don't mind, I am rich > because I sell 0day, > traded on #darknet, to idefense), so I had to release the bug before K-otik. > k-otik is like hack.co.za, they release everything and nothing, but they > can't code their own exploit. > > > Greets: > ====== >> Rudolf Polzer (divzero () gmail com): Thank to his idea to disclose this bug> and if you have another idea > for us mail me > packetstormsecurity: they give us kiddie-friendly exploits and mass rooters > spender: he sells good security patches > isec: now my grandmother can r00t linux boxes > bugtraq: they leak bugs found by ugly blackhats, which worked a lot of > time to discover them > espionet guys: they represented very well the hacker scene in a TV show > with their netbus > (please don't open my cdrom device guys) > > > Fame: > ==== > > > We already owned everyone and everything with these exploits years ago, > and in> fact we've all had them sitting on the shelf gathering dust due to lack of> new targets. > > FUN TESTED IDEAS: > > www.team-teso.net (down because of us) > www.thc.org (haha owned 10 times) > www.securityfocus.com > > > It was very funny to read .gov and .mil files. > > WARNING !!! > > /!\ WE ARE LOOKING FOR A JOB IN THE SECURITY RESEARCH /!\ > > Visit us: > > www.ihcteam.com > www.newffr.com > www.espionet.net > www.underground-fr.org > www.phpsecure.com > > > --------------------------- > > We n33d f4me, m0n3y, g1rls and m0nk3ys, so VIVA EL DISCLOSURO. > > ---- fr0g-m@n ---- >
_________________________________________________________________ A la recherche d'un taux plus intéressant? http://money.fr.msn.be/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT ! frogman (Jul 05)
- Re: ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT ! Rudolf Polzer (Jul 05)
- Re: ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA harry (Jul 06)
- Re: ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3peoples on internet) !!! 0DAY EXPLOIT ! Othman Nasrou (Jul 06)
- <Possible follow-ups>
- Fw: ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT ! Frog Man (Jul 05)
- Fw: ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT ! Frog Man (Jul 06)
- Re: ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT ! Rudolf Polzer (Jul 05)