Full Disclosure mailing list archives

Re: SOngs.pk Hacked ! By Indian Hacker Team (Due to Mumbai Terror)


From: Xa Buri <xaburi () yahoo com>
Date: Sun, 17 Jul 2011 08:28:00 -0700 (PDT)

Mumbai Blast death Toll - Approx 20 <-- People actually DIED there.

In retaliation ----> songs.pk was defaced

Wow!!!

Shut the f*%k up and go die, bloody skids. If you want to advertise ur n4m3s there are better ways than using blasts as 
an agenda, do something technical for a change.

- Xa

From: Silic0n <science_media017 () yahoo com>
Subject: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team (Due to Mumbai Terror)
To: full-disclosure () lists grok org uk
Message-ID:
    <1310747999.26056.YahooMailClassic () web110109 mail gq1 yahoo com>
Content-Type: text/plain; charset="iso-8859-1"

http://songs.pk/usersonline/usersonline.php

Hacked

BY:Mr52, R00t_d3vil , InX_rOot , -[SiLeNtp0is0n]- ,Lucky, Silic0n , Ne0_h4ck3r , dodo, and Team ICA 

        

Pray for all the innocent victims of Mumbai attack ..


This is a small answer from All Indians.. Remember we are Together..


You can just kill innocent people .. Women & Childrens..


But There is no Future for you.. We are coming with huge speed..


Corruption will be under control.. Every Indian will have Money n Power..


Then there will be no one to Save you..


You are dirty stamp on Pure Islam.. Try to Understand & Respect it..


Just Remember We are coming


Bye ..


Exit

_

Submit Your comment here ..

Use Proper language.

Comment here http://www.anvilbook.com/guestbook.php?mumbai

------------------------------

Message: 2
Date: Fri, 15 Jul 2011 21:59:04 +0300
From: Georgi Guninski <guninski () guninski com>
Subject: Re: [Full-disclosure] Spooks really call em "Whizz" and "do
    cyber"
To: Jacqui Caren-home <jacqui.caren () ntlworld com>
Cc: full-disclosure () lists grok org uk
Message-ID: <20110715185904.GB1798@sivokote.iziade.m$>
Content-Type: text/plain; charset=utf-8

On Wed, Jul 13, 2011 at 07:52:15PM +0100, Jacqui Caren-home wrote:
"I need some real internet whizzes in order to do cyber ..."
"I probably have to do better than I am doing at the moment, or else my internet whizzes are not going to stay? and 
we do have a steady drip, I am afraid. "

http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8635959/Whizz-kids-deserting-the-spy-world-as-threat-of-attacks-increases.html

Jacqui

For the non brits here, the translation is - s/Cyber/pork barrel/gsi

Evidently EDS (HP) are getting 2BILLION UKP funding via GCHQ real soon now...

http://www.theregister.co.uk/2011/07/13/interception_modernisation_returns/


god save h-america and the uk...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



------------------------------

Message: 3
Date: Sat, 16 Jul 2011 01:35:05 +0530
From: webDEViL <w3bd3vil () gmail com>
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
    (Due to Mumbai Terror)
To: Silic0n <science_media017 () yahoo com>
Cc: full-disclosure () lists grok org uk
Message-ID:
    <CAPgDQaKU29nvLrcq5SR6kcURHH6OF8w1zTsERsoMLZnpXPohwg () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

I always had a feeling pirates were behind such attacks.
But music pirates seems to be a bit too much.


On Fri, Jul 15, 2011 at 10:09 PM, Silic0n <science_media017 () yahoo com> wrote:

http://songs.pk/usersonline/usersonline.php

   Hacked

BY:*Mr52, R00t_d3vil , InX_rOot , -[SiLeNtp0is0n]- ,Lucky, Silic0n ,
Ne0_h4ck3r , dodo, and Team ICA *

Pray for all the innocent victims of Mumbai attack ..
This is a small answer from All Indians.. Remember we are Together..
You can just kill innocent people .. Women & Childrens..
But There is no Future for you.. We are coming with huge speed..
Corruption will be under control.. Every Indian will have Money n Power..
Then there will be no one to Save you..
You are dirty stamp on Pure Islam.. Try to Understand & Respect it..
Just Remember We are coming
Bye ..
Exit
_


   Submit Your comment here ..
<http://www.anvilbook.com/guestbook.php?mumbai>
Use Proper language.




Comment here  http://www.anvilbook.com/guestbook.php?mumbai




-- 
Regards,
webDEViL

http://twitter.com/w3bd3vil

------------------------------

Message: 4
Date: Fri, 15 Jul 2011 19:00:24 -0400
From: Valdis.Kletnieks () vt edu
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
    (Due to Mumbai Terror)
To: Silic0n <science_media017 () yahoo com>
Cc: full-disclosure () lists grok org uk
Message-ID: <67649.1310770824 () turing-police cc vt edu>
Content-Type: text/plain; charset="us-ascii"

On Fri, 15 Jul 2011 09:39:59 PDT, Silic0n said:
Corruption will be under control.. Every Indian will have Money n Power..

Just a tad wishful thinking in that rant, aren't we?

(Incidentally, if every Indian has money, it will require very careful fiscal
policy to avoid some really nasty hyperinflation...)


------------------------------

Message: 5
Date: Fri, 15 Jul 2011 19:18:24 -0400
From: Naresh Jha <rappercrazzy () gmail com>
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
    (Due to Mumbai Terror)
To: Valdis.Kletnieks () vt edu
Cc: Silic0n <science_media017 () yahoo com>,
    full-disclosure () lists grok org uk
Message-ID:
    <CAMKnF7RjwT9-R_w=5YuS7MOzn9Gu6Oh22wf-YiaMV2ojT+MVrw () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Science Media - Is that all you got? Is that all you have and can do to
respond back to PK? Remember YAHA / IHC??? Is this all you people could
manage.... So many people and only this much???

It is often said, when a person dies, it's not a single death but death of
many more .... Is this all their tears are worth?

On Fri, Jul 15, 2011 at 7:00 PM, <Valdis.Kletnieks () vt edu> wrote:

On Fri, 15 Jul 2011 09:39:59 PDT, Silic0n said:
Corruption will be under control.. Every Indian will have Money n Power..

Just a tad wishful thinking in that rant, aren't we?

(Incidentally, if every Indian has money, it will require very careful fiscal
policy to avoid some really nasty hyperinflation...)



------------------------------

Message: 6
Date: Sat, 16 Jul 2011 05:49:27 +0000
From: w0lfd33m () gmail com
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
    (Due to Mumbai Terror)
To: "webDEViL" <w3bd3vil () gmail com>,
    full-disclosure-bounces () lists grok org uk,    "Silic0n"
    <science_media017 () yahoo com>
Cc: full-disclosure () lists grok org uk
Message-ID:
    <274849754-1310795264-cardhu_decombobulator_blackberry.rim.net-1715578857-@b12.c11.bise7.blackberry>
    
Content-Type: text/plain

We might see a few more of these after the recent blasts in India. Cyberwar between both nations can be at peak for 
some time again!
 
Regards;
w0lf
www.maestro-sec.com
-- sent from BlackBerry --

-----Original Message-----
From: webDEViL <w3bd3vil () gmail com>
Sender: full-disclosure-bounces () lists grok org uk
Date: Sat, 16 Jul 2011 01:35:05 
To: Silic0n<science_media017 () yahoo com>
Cc: <full-disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team (Due
 to Mumbai Terror)


------------------------------

Message: 7
Date: Sat, 16 Jul 2011 17:10:35 +0800
From: YGN Ethical Hacker Group <lists () yehg net>
Subject: [Full-disclosure] MyST BlogSite | Multiple Vulnerabilities
To: full-disclosure <full-disclosure () lists grok org uk>
Message-ID:
    <CAPYM6Vwm9VUHd5=EWY9407G913dymq-G=qKUO2V-Od-h2KYi0A () mail gmail com>
Content-Type: text/plain; charset=UTF-8

===============================
MyST BlogSite | Multiple Vulnerabilities
===============================


1. VULNERABILITY DESCRIPTION


--> Issue Title: Arbitrary URL Redirect
Component: MyST BlogSite ClickDirector

Ref: OWASP - Top 10 - 2010 - A10
Ref-Link: https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards

Proof-Of-Concept:
http://blogsite.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
http://blog.cenzic.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
[FIXED]


--> Issue Title: Information Leakage    
Ref: WASC-13
Ref-Link: http://projects.webappsec.org/w/page/13246936/Information-Leakage

This could be used to brute force (http://blogsite.com/login)

Proof-Of-Concept:
http://blogsite.com/public/mostl/1
http://blogsite.com/public/mostl/2
http://blogsite.com/public/my-account/1
http://blogsite.com/public/my-account/2
http://blogsite.com/public/object/1
http://blogsite.com/public/object/2
http://blogsite.com/public/object/3


--> Issue Title: Arbitrary Text Insertion

This could be used to deliver defamatory message to unaware users.

Proof-of-Concept:
http://blogsite.com/public/mostl-action/1?action=Browse&text=This%20blog%20was%200wned!



2. VENDOR

MyST Technology Partners, Inc.
http://myst-technology.com/


4. DISCLOSURE TIME-LINE

2011-04-17: reported vendor
2011-07-16: vulnerability found unfixed
2011-07-16: vulnerability disclosed    


5. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[MyST_BlogSite]_vulnerabilities_2011-07

#yehg [2011-07-16]
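
A defender's check for the Arbitrary URL Redirect issue above, as an added example that is not part of the original advisory or of MyST's code: it parses the `/public/click/~sites/<host>/...` path shape seen in the proof-of-concept URLs and flags redirects to hosts outside an allow-list, run over constructed access-log lines. The redirect semantics, the allow-list contents and the log format are assumptions.

```python
import re
from urllib.parse import unquote

# Path layout taken from the advisory's proof-of-concept URLs:
#   /public/click/~sites/<target-host>/<target-path>
# Assumption: ClickDirector sends the browser to <target-host>/<target-path>.
CLICK_RE = re.compile(r"^/public/click/~sites/([^/?#]+)", re.IGNORECASE)
# Common Log Format (assumed): ip - - [time] "METHOD path PROTO" status size
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) [^"]*"')

# Hypothetical allow-list of hosts the operator intends to link through.
ALLOWED_HOSTS = {"blogsite.com", "myst-technology.com"}


def redirect_target_host(path):
    """Return the target host of a click-redirect path, or None."""
    m = CLICK_RE.match(unquote(path))
    if not m:
        return None
    # Drop userinfo and port so "blogsite.com@other.example" is judged
    # by the host the browser would really visit.
    host = m.group(1).rsplit("@", 1)[-1].split(":", 1)[0]
    return host.lower().rstrip(".")


def is_allowed(host, allowed=ALLOWED_HOSTS):
    """Exact match or true subdomain; a bare suffix match is not enough."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def flag_offsite_redirects(log_lines):
    """Return (client_ip, host) for click redirects to non-allowed hosts."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        host = redirect_target_host(m.group(2)) if m else None
        if host and not is_allowed(host):
            hits.append((m.group(1), host))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jul/2011:09:10:35 +0000] "GET /public/click/~sites/attacker.in/malware_exists_in_this_page/ HTTP/1.1" 302 0',
    '198.51.100.4 - - [16/Jul/2011:09:11:02 +0000] "GET /public/click/~sites/blogsite.com/about/ HTTP/1.1" 302 0',
    '198.51.100.9 - - [16/Jul/2011:09:12:40 +0000] "GET /public/click/~sites/blogsite.com.attacker.in/x HTTP/1.1" 302 0',
    '198.51.100.9 - - [16/Jul/2011:09:13:01 +0000] "GET /public/mostl/1 HTTP/1.1" 200 512',
]
```

The same `is_allowed` test can sit in the redirect handler itself, so a request for a non-listed host is refused rather than only logged.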



------------------------------

End of Full-Disclosure Digest, Vol 77, Issue 18
***********************************************