Full Disclosure mailing list archives
Re: New Source Code Vulnerability Scanner (Free 30 Day Trial)
From: Jens Christian Hillerup <jens () hillerup net>
Date: Thu, 2 Dec 2010 21:50:40 +0100
Dropping a 0day for y'all. So I found a vulnerability in the license management code in this software. It's off the top of my head, and is presented in an untested state. It seems, however, that if you continue using the software *after* the free 30-day trial it will actually continue working! This is due to a very week license management implementation, relying on the user agreeing to remove the software after having used it for a total of thirty days. This flaw affects all known builds of the source code posted, and stands currently with no workaround or hotfix. The vendor has yet to be contacted, but is expected to push a patch for this vuln any day now. -jc On Thu, Dec 2, 2010 at 9:30 PM, netinfinity <netinfinity.securitylab () gmail com> wrote:
How much is the commercial version? I'd like to buy it for my hosting company. On Thu, Dec 2, 2010 at 7:18 PM, <vulnscan () hushmail com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Esteemed members of the Full Disclosure mailing list, In the wake of the recent compromise of the ProFTPd distribution server and the subsequent root-level backdoor that was placed into the source[0], we are proud to announce a cutting edge source code scanner that will help you detect backdoors in your code. This code is free to use for 30 days, after which time you must pay for it. - ------------- el8 Vuln Scan v.0.1 ------------- #!/bin/bash ################################################################### # # Place this script inside the top level directory of your # source code repo. # # Please delete this after 30 days, or purchase a copy from our # online store. # # 50% of all proceeds will go to the victims that have been # owned by ACIDBITCHES within the past 6 years. # ################################################################### # main export PATH=/bin grep -r ACIDBITCHES * - ------------- el8 Vuln Scan v.0.1 ------------- Thank you for helping us to help you make the Internet a safer place. [0] http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging- sigs/7965 -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAkz34wkACgkQnCf21LwRaXbdlwP/bRK2S7SA77h05jF1cdBty4hefooL Zx0GOeABoqTZKnaNuKxGqwdPtg7fyNctrb7iMzehzJWBXnAD1Zik2UCujZINxeE8BFhw yTN9gshJZB1cdWSHwxQdiB+NqS9eRqg3s0J8i/9EjzNVkgX4EJTJZMXv9oEUDCgwW92h 7KFZMWU= =mJJI -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- www.google.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- New Source Code Vulnerability Scanner (Free 30 Day Trial) vulnscan (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Eyeballing Weev (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) netinfinity (Dec 02)
- Message not available
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) netinfinity (Dec 02)
- Message not available
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Jens Christian Hillerup (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Cal Leeming [Simplicity Media Ltd] (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) dave b (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Cal Leeming [Simplicity Media Ltd] (Dec 03)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) dave b (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Michael McGraw-Herdeg (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) IA64 LOL (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Michal Zalewski (Dec 03)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Georgi Guninski (Dec 04)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) netinfinity (Dec 04)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Georgi Guninski (Dec 04)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Adam Kration (Dec 05)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Georgi Guninski (Dec 04)