Date: Sun, 17 Jul 2011 08:28:00 -0700 (PDT)
From: Xa Buri <xaburi@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: SOngs.pk Hacked ! By Indian Hacker Team (Due
	to Mumbai Terror)

Mumbai Blast death Toll - Approx 20 <-- People actually DIED there.

In retaliation ----> songs.pk was defaced

Wow!!!

Shut the f*%k up and go die, bloody skids. If you want to advertise ur n4m3s there are better ways than using blasts as an agenda, do something technical for a change.

- Xa

From: Silic0n <science_media017@...oo.com>
Subject: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
    (Due to    Mumbai Terror)
To: full-disclosure@...ts.grok.org.uk
Message-ID:
    <1310747999.26056.YahooMailClassic@...110109.mail.gq1.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

http://songs.pk/usersonline/usersonline.php

Hacked

BY:Mr52, R00t_d3vil , InX_rOot , -[SiLeNtp0is0n]- ,Lucky, Silic0n , Ne0_h4ck3r , dodo, and Team ICA 

        

Pray for all the innocent victims of Mumbai attack ..


This is a small answer from All Indians.. Remember we are Together..


You can just kill innocent people .. Women & Childrens..


But There is no Future for you.. We are coming with huge speed..


Corruption will be under control.. Every Indian will have Money n Power..


Then there will be no one to Save you..


You are dirty stamp on Pure Islam.. Try to Understand & Respect it..


Just Remember We are coming


Bye ..


Exit

_

Submit Your comment here ..

Use Proper language.

Comment here http://www.anvilbook.com/guestbook.php?mumbai


------------------------------

Message: 2
Date: Fri, 15 Jul 2011 21:59:04 +0300
From: Georgi Guninski <guninski@...inski.com>
Subject: Re: [Full-disclosure] Spooks really call em "Whizz" and "do
    cyber"
To: Jacqui Caren-home <jacqui.caren@...world.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID: <20110715185904.GB1798@...okote.iziade.m$>
Content-Type: text/plain; charset=utf-8

On Wed, Jul 13, 2011 at 07:52:15PM +0100, Jacqui Caren-home wrote:
> "I need some real internet whizzes in order to do cyber ..."
> "I probably have to do better than I am doing at the moment, or else my internet whizzes are not going to stay? and we do have a steady drip, I am afraid. "
> 
> http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8635959/Whizz-kids-deserting-the-spy-world-as-threat-of-attacks-increases.html
> 
> Jacqui
> 
> For the non brits here, the translation is - s/Cyber/pork barrel/gsi
> 
> Evidently EDS (HP) are getting 2BILLION UKP funding via GCHQ real soon now...
> 
> http://www.theregister.co.uk/2011/07/13/interception_modernisation_returns/
> 

god save h-america and the uk...

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



------------------------------

Message: 3
Date: Sat, 16 Jul 2011 01:35:05 +0530
From: webDEViL <w3bd3vil@...il.com>
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
    (Due to Mumbai Terror)
To: Silic0n <science_media017@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID:
    <CAPgDQaKU29nvLrcq5SR6kcURHH6OF8w1zTsERsoMLZnpXPohwg@...l.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

I always had a feeling pirates were behind such attacks.
But music pirates seems to be a bit too much.


On Fri, Jul 15, 2011 at 10:09 PM, Silic0n <science_media017@...oo.com> wrote:

> http://songs.pk/usersonline/usersonline.php
>
>   Hacked
>
> BY:*Mr52, R00t_d3vil , InX_rOot , -[SiLeNtp0is0n]- ,Lucky, Silic0n ,
> Ne0_h4ck3r , dodo, and Team ICA *
>
> Pray for all the innocent victims of Mumbai attack ..
> This is a small answer from All Indians.. Remember we are Together..
> You can just kill innocent people .. Women & Childrens..
> But There is no Future for you.. We are coming with huge speed..
> Corruption will be under control.. Every Indian will have Money n Power..
> Then there will be no one to Save you..
> You are dirty stamp on Pure Islam.. Try to Understand & Respect it..
> Just Remember We are coming
> Bye ..
> Exit
> _
>
>
>   Submit Your comment here ..
> <http://www.anvilbook.com/guestbook.php?mumbai>
> Use Proper language.
>
>
>
>
> Comment here  http://www.anvilbook.com/guestbook.php?mumbai
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Regards,
webDEViL

http://twitter.com/w3bd3vil

------------------------------

Message: 4
Date: Fri, 15 Jul 2011 19:00:24 -0400
From: Valdis.Kletnieks@...edu
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
    (Due    to Mumbai Terror)
To: Silic0n <science_media017@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID: <67649.1310770824@...ing-police.cc.vt.edu>
Content-Type: text/plain; charset="us-ascii"

On Fri, 15 Jul 2011 09:39:59 PDT, Silic0n said:
> Corruption will be under control.. Every Indian will have Money n Power..

Just a tad wishful thinking in that rant, aren't we?

(Incidentally, if every Indian has money, it will require very careful fiscal
policy to avoid some really nasty hyperinflation...)


------------------------------

Message: 5
Date: Fri, 15 Jul 2011 19:18:24 -0400
From: Naresh Jha <rappercrazzy@...il.com>
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
    (Due to Mumbai Terror)
To: Valdis.Kletnieks@...edu
Cc: Silic0n <science_media017@...oo.com>,
    full-disclosure@...ts.grok.org.uk
Message-ID:
    <CAMKnF7RjwT9-R_w=5YuS7MOzn9Gu6Oh22wf-YiaMV2ojT+MVrw@...l.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Science Media - Is that all you got? Is that all you have and can do to
respond back to PK? Remember YAHA / IHC??? Is this all you people could
manage.... So many people and just this much???

 It is often said, when a person dies, it's not a single death but death of
many more .... is this all their tears are worth?

On Fri, Jul 15, 2011 at 7:00 PM, <Valdis.Kletnieks@...edu> wrote:

> On Fri, 15 Jul 2011 09:39:59 PDT, Silic0n said:
> > Corruption will be under control.. Every Indian will have Money n Power..
>
> Just a tad wishful thinking in that rant, aren't we?
>
> (Incidentally, if every Indian has money, it will require very careful
> fiscal
> policy to avoid some really nasty hyperinflation...)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

------------------------------

Message: 6
Date: Sat, 16 Jul 2011 05:49:27 +0000
From: w0lfd33m@...il.com
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
    (Dueto Mumbai Terror)
To: "webDEViL" <w3bd3vil@...il.com>,
    full-disclosure-bounces@...ts.grok.org.uk,    "Silic0n"
    <science_media017@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID:
    <274849754-1310795264-cardhu_decombobulator_blackberry.rim.net-1715578857-@....c11.bise7.blackberry>
    
Content-Type: text/plain

We might see a few more of these after the recent blasts in India. Cyberwar between both nations can be at peak for some time again!
 
Regards;
w0lf
www.maestro-sec.com
-- sent from BlackBerry --

-----Original Message-----
From: webDEViL <w3bd3vil@...il.com>
Sender: full-disclosure-bounces@...ts.grok.org.uk
Date: Sat, 16 Jul 2011 01:35:05 
To: Silic0n<science_media017@...oo.com>
Cc: <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team (Due
 to Mumbai Terror)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



------------------------------

Message: 7
Date: Sat, 16 Jul 2011 17:10:35 +0800
From: YGN Ethical Hacker Group <lists@...g.net>
Subject: [Full-disclosure] MyST BlogSite | Multiple Vulnerabilities
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Message-ID:
    <CAPYM6Vwm9VUHd5=EWY9407G913dymq-G=qKUO2V-Od-h2KYi0A@...l.gmail.com>
Content-Type: text/plain; charset=UTF-8

===============================
MyST BlogSite | Multiple Vulnerabilities
===============================


1. VULNERABILITY DESCRIPTION


--> Issue Title: Arbitrary URL Redirect
Component: MyST BlogSite ClickDirector

Ref: OWASP - Top 10 - 2010 - A10
Ref-Link: https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards

Proof-Of-Concept:
http://blogsite.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
http://blog.cenzic.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
[FIXED]


--> Issue Title: Information Leakage    
Ref: WASC-13
Ref-Link: http://projects.webappsec.org/w/page/13246936/Information-Leakage

This could be used to brute force (http://blogsite.com/login)

Proof-Of-Concept:
http://blogsite.com/public/mostl/1
http://blogsite.com/public/mostl/2
http://blogsite.com/public/my-account/1
http://blogsite.com/public/my-account/2
http://blogsite.com/public/object/1
http://blogsite.com/public/object/2
http://blogsite.com/public/object/3


--> Issue Title: Arbitrary Text Insertion

This could be used to deliver defamatory message to unaware users.

Proof-of-Concept:
http://blogsite.com/public/mostl-action/1?action=Browse&text=This%20blog%20was%200wned!



2. VENDOR

MyST Technology Partners, Inc.
http://myst-technology.com/


4. DISCLOSURE TIME-LINE

2011-04-17: reported vendor
2011-07-16: vulnerability found unfixed
2011-07-16: vulnerability disclosed    


5. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[MyST_BlogSite]_vulnerabilities_2011-07

#yehg [2011-07-16]



------------------------------
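
A defender-side check for the redirect and information-leakage issues in the advisory above, as an added example that is not part of the original post or the vendor's code: it scans web access logs for ClickDirector redirects to hosts outside an allowlist and for a client walking numeric IDs under the listed paths. The log lines, the allowlist, the threshold and the reading of the segment after `~sites/` as the destination host are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample in Common Log Format; paths follow the advisory's PoC URLs.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Jul/2011:09:00:01 +0000] "GET /public/click/~sites/attacker.in/malware_exists_in_this_page/ HTTP/1.1" 302 0',
    '198.51.100.7 - - [16/Jul/2011:09:00:05 +0000] "GET /public/click/~sites/www.blogsite.com/about/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [16/Jul/2011:09:01:00 +0000] "GET /public/object/1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [16/Jul/2011:09:01:01 +0000] "GET /public/object/2 HTTP/1.1" 200 498',
    '203.0.113.9 - - [16/Jul/2011:09:01:02 +0000] "GET /public/object/3 HTTP/1.1" 200 530',
    '192.0.2.4 - - [16/Jul/2011:09:02:00 +0000] "GET /public/my-account/1 HTTP/1.1" 200 700',
]
ALLOWED_HOSTS = {"blogsite.com"}  # hypothetical allowlist of redirect targets

REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Assumption: the segment after "~sites/" is the host the visitor is sent to.
CLICK_RE = re.compile(r"^/public/click/~sites/([^/]+)", re.I)
ENUM_RE = re.compile(r"^/public/(mostl|my-account|object)/(\d+)/?$")


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = unquote(host).lower().split(":")[0].rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit(lines, allowed, enum_threshold=3):
    """Return (kind, client, detail) findings in log order."""
    findings, ids_seen, reported = [], {}, set()
    for line in lines:
        m = REQ_RE.match(line)
        if not m:
            continue  # skip lines that are not parseable requests
        client, path = m.group(1), urlsplit(m.group(2)).path
        click = CLICK_RE.match(path)
        if click and not host_allowed(click.group(1), allowed):
            findings.append(("redirect", client, click.group(1)))
        enum = ENUM_RE.match(path)
        if enum:
            key = (client, enum.group(1))
            ids_seen.setdefault(key, set()).add(int(enum.group(2)))
            if len(ids_seen[key]) >= enum_threshold and key not in reported:
                reported.add(key)  # report each client/resource pair once
                findings.append(("enumeration", client, enum.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ALLOWED_HOSTS):
        print(finding)
```
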

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 77, Issue 18
***********************************************
