Full Disclosure mailing list archives
Re: CertificationMagazine - Blind SQL Injection Vulnerability
From: "research () vulnerability-lab com" <research () vulnerability-lab com>
Date: Fri, 23 Dec 2011 17:57:09 +0100
Hi Tomy, After you wrote us now the second e-mail we want to make something very clear to u and everyone @ vs-db.info & ariko-security 1. Your website is serves no point other then records of the databases that u dumped... because of the fact that you guys hack illegal into web-servers and dump the databases and do not notify the vendor. You guys tell the researchers around you that you do some security stuff ... i think you guys are just fucking criminals. Thats why nobody respects the work you do anywhere. 2. Some weeks ago another ariko-security member asked us ... why we do not work with you guys (vs-db.info & ariko-security)? He also asked us multiple times for selling the dumps of hacked databases!? To answer that once more we are not interested in selling stolen information as said many times before. Why ?! Mainly due the fact that this is a *criminal *offence. And so a no go in our vision for the future of vulnerability-lab.com 3. Also if you view in context what we do vs what you do there is no way we want to work with you. *We* - *Inform *vendors - *Verify* vulnerabilities/bugs to ensure validity - Disclosure after *contact *with vendor or after multiple tries to contact the vendor - Discolsure policy - Try to *protect *vendors and customers of those vendors *You* - *Dont* inform vendor - *No* Discolsure policy - *No* verfication other then a picture - Selling of *illegally* dumped databases/information to make money 4. If so that you say that you are all that good an you are so awsome in what you do why is a 1.5 year old bug (if this infact true) still unpatched when we found it!? Sounds to me that u dumped the database then probably sold it off and then forgot all about it. Instead of contacting the vendor/webmaster etc. So clearly you have no idea of what working in security is about. Your are only trying to rape the benefits of a trick that you know. I hope that you see this as a *wake up call* and *warning* as next time we might not be as friendly. Best Regards, The Vulnerability-lab Team. Am 23.12.2011 11:32, schrieb Tomy:
http://www.vs-db.info/?p=593 MAY 2010 - Nice that you can find 1.5 YEARS old hole LOL! Tomy Wiadomość napisana przez research () vulnerability-lab com <mailto:research () vulnerability-lab com> w dniu 20 gru 2011, o godz. 17:08:http://www.certmag.com/ <http://www.certmag.com/read.php?in=3656m/read.php?in=3656%27>Tomy support () vs-db info <mailto:support () vs-db info>
-- Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com Contact: admin () vulnerability-lab com or support () vulnerability-lab com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CertificationMagazine - Blind SQL Injection Vulnerability research () vulnerability-lab com (Dec 22)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Tomy (Dec 23)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability research () vulnerability-lab com (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Super vulnerability-lab hack Tomy (Dec 23)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Super vulnerability-lab hack Thor (Hammer of God) (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Super vulnerability-lab hack james (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability research () vulnerability-lab com (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Tomy (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Tomy (Dec 23)