Full Disclosure mailing list archives
Re: i've found an exploit, but i want to make it do something before i report it
From: n3td3v <xploitable () gmail com>
Date: Sat, 8 Jul 2006 00:17:23 +0100
On 7/7/06, ima cow <i-am-cow () rogers com> wrote:
i understand that this is "full disclosure", but before i actually spill the beans on the exact nature of the exploit i've found, i'd like to make it actually do something. for now, know that it affects a popular plugin for a popular messaging program. i'm at the stage where i can run any command on the remote user's computer (just like start > run...), or have them request remote assistance. other than showing them goatse, what can i do with this? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Its a Yahoo Mezzenger vulnerability, we sold to him about three months ago. It must be the most whored vulnerability in the script kid circuit, none of them can work out what to do with it.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- i've found an exploit, but i want to make it do something before i report it ima cow (Jul 07)
- Re: i've found an exploit, but i want to make it do something before i report it Valdis . Kletnieks (Jul 07)
- Re: i've found an exploit, but i want to make it do something before i report it n3td3v (Jul 08)
- Re: i've found an exploit, but i want to make it do something before i report it evilrabbi (Jul 08)
- <Possible follow-ups>
- i've found an exploit, but i want to make it do something before i report it ima cow (Jul 08)
- Re: i've found an exploit, but i want to make it do something before i report it daylasoul (Jul 09)
- Re: i've found an exploit, but i want to make it do something before i report it daylasoul (Jul 09)