Date: Thu, 2 Dec 2010 21:58:39 +0100
From: netinfinity <netinfinity.securitylab@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: New Source Code Vulnerability Scanner (Free
 30 Day Trial)

So due to weak implemetation of license it has a bug. I'm creating a torrent
for this scanner as we speak, and I will put it on thepritebay, so more
honest people like me can download it for free.

On Thu, Dec 2, 2010 at 9:50 PM, Jens Christian Hillerup
<jens@...lerup.net>wrote:

> Dropping a 0day for y'all.
>
> So I found a vulnerability in the license management code in this software.
> It's off the top of my head, and is presented in an untested state. It
> seems, however, that if you continue using the software *after* the free
> 30-day trial it will actually continue working! This is due to a very week
> license management implementation, relying on the user agreeing to remove
> the software after having used it for a total of thirty days.
>
> This flaw affects all known builds of the source code posted, and stands
> currently with no workaround or hotfix. The vendor has yet to be contacted,
> but is expected to push a patch for this vuln any day now.
>
> -jc
>
>
> On Thu, Dec 2, 2010 at 9:30 PM, netinfinity <
> netinfinity.securitylab@...il.com> wrote:
>
>> How much is the commercial version?
>>
>> I'd like to buy it for my hosting company.
>>
>>
>> On Thu, Dec 2, 2010 at 7:18 PM, <vulnscan@...hmail.com> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Esteemed members of the Full Disclosure mailing list,
>>>
>>> In the wake of the recent compromise of the ProFTPd distribution
>>> server and the subsequent root-level backdoor that was placed into
>>> the source[0], we are proud to announce a cutting edge source code
>>> scanner that will help you detect backdoors in your code. This code
>>> is free to use for 30 days, after which time you must pay for it.
>>>
>>>
>>> - ------------- el8 Vuln Scan v.0.1 -------------
>>>
>>> #!/bin/bash
>>>
>>> ###################################################################
>>> #
>>> # Place this script inside the top level directory of your
>>> # source code repo.
>>> #
>>> # Please delete this after 30 days, or purchase a copy from our
>>> # online store.
>>> #
>>> # 50% of all proceeds will go to the victims that have been
>>> # owned by ACIDBITCHES within the past 6 years.
>>> #
>>> ###################################################################
>>>
>>> # main
>>>
>>> export PATH=/bin
>>>
>>> grep -r ACIDBITCHES *
>>>
>>> - ------------- el8 Vuln Scan v.0.1 -------------
>>>
>>>
>>> Thank you for helping us to help you make the Internet a safer
>>> place.
>>>
>>>
>>> [0]
>>> http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-
>>> sigs/7965<http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-%0Asigs/7965>
>>> -----BEGIN PGP SIGNATURE-----
>>> Charset: UTF8
>>> Version: Hush 3.0
>>> Note: This signature can be verified at https://www.hushtools.com/verify
>>>
>>> wpwEAQMCAAYFAkz34wkACgkQnCf21LwRaXbdlwP/bRK2S7SA77h05jF1cdBty4hefooL
>>> Zx0GOeABoqTZKnaNuKxGqwdPtg7fyNctrb7iMzehzJWBXnAD1Zik2UCujZINxeE8BFhw
>>> yTN9gshJZB1cdWSHwxQdiB+NqS9eRqg3s0J8i/9EjzNVkgX4EJTJZMXv9oEUDCgwW92h
>>> 7KFZMWU=
>>> =mJJI
>>> -----END PGP SIGNATURE-----
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>>
>> --
>> www.google.com
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>


-- 
www.google.com

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists