Full Disclosure mailing list archives
0 day morning wood style
From: "meme-boi" <meme-boi () nothotmail org>
Date: Thu, 5 Jun 2003 18:56:01 -0700 (PDT)
-[[Morning Wood Style "0-day/0-sec" extravaganza!!]]- - shouts to wood for re-defining the term "0day" who needs solar designer! [[[Table of Contents]]] --------------------- (1)Computercops Security Pro Toolkit - VULN Computercops.biz (2)Cyberarmy Surf Safe Env Checker -VULN (3)Closing ---------------------------------------------- --[ 1 ]:: Computercops.biz (security professionals) Computer Cops Security Professional Toolkit Fun for the whole family! "Because Security is Everything" --[Path and function disclosure vulnerability: Computercops run several internet security tools available online like trojan scanner nmap scanner and many other very professional tools for security professionals. --[Path Disclosure in Professional trojan scan thing: http://www.computercops.biz/firewall/Trojan_TCP_Scan/Scan.php When scanner fails to connect to a port we get "O-day" in custom professional script ccspTrojans.php: /home/www/computercops/modules/Trojan_TCP_Scan/ccspTrojans.php on line 137 --[Dangerous Function Revelation: We also see: Warning: fsockopen() [function.fsockopen]: php_hostconnect: connect using fsockopen() fsockopen() is well known to cause memory leaks and cause server abend ask frog man about this --[ 1b ] --[Path Disclosure in Professional TCP scan thing: /home/www/computercops/modules/TCP_Scanner/ccspScan.php on line 61 When scanner fails to connect to a port we get O-day in custom professional script. --[Dangerous Function Revelation: We also see: Warning: fsockopen() [function.fsockopen]: php_hostconnect: connect using fsockopen() fosckopen() is well known to cause memory leaks and cause server abend Ask frogman about this --[ Also Problematic: Professional NMAP and UDP things for the above reasons --[ Vendor Status: Not notified , I was in fear of arrest and detention by Computer Security Police Professionals --[ Recommendation: I highly recommend the Computer Cops Security Professional Toolkit for high professionalism. --[ 2 ]:: Cyberarmy Cyberarmy Surf Safe Project http://surfsafe.cpc-net.org "The SurfSafe campaign is a project created by the Cyberarmy Privacy Commission (CPC)" "We, the CPC, are a non-profit organization geared to protecting the privacy of the Internet user" ^ cure thyself physician --[ Path Disclosure and Poor Input Checking: "We have provided the following tools and service to help improve the safety of your on-line Internet experience". -Environment Checker We send random string to specially crafted environment checking script like so: http://surfsafe.cpc-net.org/modules.php?op=modload&name=Tools&file=/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////envcheck Result: Warning: Failed opening 'modules/Tools/_____________________________________________________________________________________________________________________________________________________________________________________________proxies.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/cpc-net/public_html/surfsafe/modules.php on line 16 --[verdict: Environment checker does not check it's own environment --[ 3 ]:: Closing After the last 15 minutes of intense auditing and investigation , I have become convinced that I, a lowly Wal-mart janitor, can also become a professional network security auditor and provide many critical insightsthat are detrimental to the infrastructure of information security. I will be submitting a complete rewrite of the OISAFETY draft as well as an in-depth expose' of format string vulnerabilities in WalMarts' BEETLE-Win/DSS POS systems soon. Summer of the Sickness is drawing near....... Copyright © 2003, Paper Street Soap Company, Inc. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- 0 day morning wood style meme-boi (Jun 05)