Date: Wed Dec  7 14:28:59 2005
From: n0fear at km.ru (n0fear@...ru)
Subject: Oh noes, the 0x90 NOP crew have been NOP'd!



> Hah.  That's a weird script anyways.  Who's crazy enough to punch in
> their password into some guys' "analyzer" knowing good and well it
> could be used against them or at least wind up in someone's private
> wordlist?

> On 12/7/05, cranium pain <coardump@...il.com> wrote:
>>
>>  ---------------------------------------
>>  !!!0-Day Alert  0-Day Alert!!!
>>  ---------------------------------------
>>  Who Is Vulnerable:   0x90.org
>>  Who Are They:         Developers of Web Based security tools
>>  Impact:                    Red Faces For l33t Haxxors
>>  Time Line:               Today
>>  ---------------------------------------
>>
>>  0x90.org is a site run by a bunch of hacker wanna-be's that write stuff to
>> audit web sites and web applications, stuff like XSS / JavaScript
>> injection, HTML injection and SQL injection.
>>
>>  They are also the proud developers of Absynth. No, not that favorite
>> alcoholic beverage that you use to intoxicate helpless females on a
>> Saturday night, dulling their senses so that you can more easily social
>> engineer them into believing that you are really a hot sex puppy and a mad
>> leet haxxor that speaks at all the cons while wearing your "I read your
>> mail" t-shirt, rather than the noob you are!
>>
>>  Absynth is the web auditing tool which is commonly used by many CCISP
>> certified security professionals and professional penetration testers, 99%
>> of whom release top notch, serious remote 0day exploits to the community
>> daily.
>>
>>  Well, these jokers obviously never run their tools on their own web site,
>> as such they have left themselves open to some injection flaws of their own:
>>
>>  POC:
>>  --------
>>
>>  POST http://www.0x90.org/passwd/index.php?password=">Oh
>> Noooeeessssss!!!
>>
>>
>>  doh..
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter:
>> http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>


> --
> Robert Wesley McGrew
> http://cse.msstate.edu/~rwm8/

Or in the case of coardump@...il.com, who *may be* trying to retrieve some 0day local
sploits from FD readers, who got local unpriv shell through this form.

(Form is now closed, I know)


