Full Disclosure mailing list archives
Re: Advisory 2006-03-12 Gay Slut Overflow CRITICAL dismallest in Immunitysec Dave Aitel
From: "Stan Bubrouski" <stan.bubrouski () gmail com>
Date: Sun, 12 Mar 2006 17:39:18 -0500
Too bad they didn't resolve the problem more than a week ago when the first spoofed messages were sent out (only 1 made it to FD I think). Thanks for the update ad,

-sb

On 3/12/06, ad () heapoverflow com <ad () heapoverflow com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> yep I have some little infos on this, the admin at c0replay showed me
> an .sql with a malicious script
>
> ********************************************************************************
> - -- Dumping data for table `advisorytype`
> - --
> INSERT INTO `advisorytype` VALUES (1, 'Directory Transversal', 'Remote exploitation of a directory traversal vulnerability in [product] could allow attackers to overwrite or view arbitrary files with user-supplied contents.');
> INSERT INTO `advisorytype` VALUES (2, 'DoS Vulnerability', 'Sending a specially crafted malformed packet to the services communication socket can create a loss of service.');
> INSERT INTO `advisorytype` VALUES (3, 'Integer Overflow', '[product] incorrectly parses integer data, and this can be used to execute arbitrary code.');
> INSERT INTO `advisorytype` VALUES (4, 'Heap Overflow', 'It is possible to make [product] crash or run arbitrary code by the use of malformed input.');
> INSERT INTO `advisorytype` VALUES (5, 'Buffer Overflow', 'It is possible to make [product] crash or run arbitrary code by the use of malformed input.');
> INSERT INTO `advisorytype` VALUES (6, 'Off-by-one', 'It is possible to make [product] crash by the use of malformed input.');
> INSERT INTO `advisorytype` VALUES (7, 'Local Privilege Escalation Vulnerability', '[product] incorrectly validates user input, making privilege escalation possible.');
>
> - -- --------------------------------------------------------
> - --
> - -- Table structure for table `fdmail`
> - --
> CREATE TABLE `fdmail` (
>   `id` int(10) NOT NULL auto_increment,
>   `Name` varchar(100) NOT NULL default '',
>   `Email` varchar(100) NOT NULL default '',
>   PRIMARY KEY (`id`)
> ) TYPE=MyISAM AUTO_INCREMENT=2958 ;
>
> - --
> - -- Dumping data for table `fdmail`
> - --
> INSERT INTO `fdmail` VALUES (2078, 'Josh perrymon', 'perrymonj () networkarmor com');
> INSERT INTO `fdmail` VALUES (2077, 'Valdis.Kletnieks () vt edu', 'Valdis.Kletnieks () vt edu');
> INSERT INTO `fdmail` VALUES (2075, 'Dave Korn', 'davek_throwaway () hotmail com');
> INSERT INTO `fdmail` VALUES (2076, 'str0ke', 'str0ke () milw0rm com');
> INSERT INTO `fdmail` VALUES (2073, 'Morning Wood', 'se_cur_ity () hotmail com');
> INSERT INTO `fdmail` VALUES (2074, 'Bipin Gautam', 'gautam.bipin () gmail com');
>
> etc etc etc
> ********************************************************************************
>
> I'm not sure but it looks like they have been hacked through the board
> with an sql injection, possible private bug I dunno but I know the
> maintainer of this website and they aren't responsible for this.
>
> Stan Bubrouski wrote:
> > Not to mention all the messages come through www.c0replay.net
> > assuming that part of the headers are accurate. If you'll recall the
> > same domain was used to spoof a message from Steven Rakick on March
> > 4th. Seems some little kiddie in the UK (assumption warning!) is
> > going to be paying some fines. I wouldn't exactly call it smart to
> > slander dozens of people... and moderation has never seemed more
> > necessary.
> >
> > -sb
> >
> > On 3/12/06, Nicob <nicob () nicob net> wrote:
> > > On Sunday 12 March 2006 at 01:08 -0800, dismallest dismallest wrote:
> > > > APPENDIX B. - References
> > > > http://bantown.com/banforge/release.rar
> > >
> > > http://bantown.com/ : "Our website was recently hacked [...]"
> > >
> > > and
> > >
> > > http://64.233.179.104/search?q=cache:1F21krhKFHEJ:bantown.com/banforge/
> > >
> > > Index of /banforge
> > >
> > > Parent Directory          23-Feb-2006 22:51    -
> > > BPL.txt                   20-Aug-2005 15:08   4k
> > > LJiggaboo1.0.1rc2.tgz     21-Jan-2006 13:10 142k
> > > Ljflooder2.pl             07-Aug-2005 05:07   5k
> > > PhpBBreg-FIXEDLOL.py      08-Aug-2005 23:11   1k
> > > banbot.pl                 16-Aug-2005 11:36  15k
> > > fla.sh                    16-Aug-2005 11:22   2k
> > > flu.shot                  19-Aug-2005 11:04   3k
> > > gaffler3.tar.gz           09-Aug-2005 02:30 123k
> > > phpBBroke-0.1.tar.gz      09-Oct-2005 13:35 383k
> > > phpBBroke/                27-Sep-2005 16:47    -
> > > phpbb_captcha.c           24-Jan-2006 03:16  21k
> > > pw-lolercaust-0.2.tar.gz  10-Oct-2005 03:38   2k
> > > rsshithead.tgz
> > >
> > > Nicob
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.1 (MingW32)
>
> iD8DBQFEFJxBFJS99fNfR+YRAj5EAJ9CSGssylC2ErrXD+VmVKxmLOOzMQCcDJwQ
> ESS9D2SCfNJ+phvLzenoCqQ=
> =eQ8x
> -----END PGP SIGNATURE-----