lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 21 Dec 2012 09:49:59 -0500
From: Luis Santana <hacktalk@...ktalk.net>
To: Benji <me@...ji.com>
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Selling Exploit on Deep Web

Semen samples are just how we pay the bills, don't hold that against us. Do you know how much you can get for over 9000 gallons of semen? You can get a lot, a _whole_ lot.

Anyway, I wasn't saying that the "Onion Bazaar" site was shit, simply that the OP said it was a place to buy/sell exploits and yet not a single exploit was available for sale; was a bit of the bait & switch.

<3 Benji, stop being so upset; you just survived the end of the world man!

On Dec 21, 2012, at 9:46 AM, Benji <me@...ji.com> wrote:

> Not your website. The website you were somehow accusing of being shit based on it's lack of interesting information when obviously hacktalk is a plethora of information, expertise and semen samples.
> 
> 
> On Fri, Dec 21, 2012 at 2:44 PM, Luis Santana <hacktalk@...ktalk.net> wrote:
> Lulz? Sorry bro but uh, the main page runs SMF not WeBid so I'm not really too sure where you pulled that from. Good job though, maybe santa will give you some of his cookies for your effort.
> 
> 
> On Dec 21, 2012, at 5:26 AM, Benji <me@...ji.com> wrote:
> 
>> Also genius, I know you're quick to kick things down because you are inept. However, I'd say after my whole 10 minute review of that code and a simple check with PHP that, that site is vulnerable to SQLi and by the look of it.
>> 
>> If we take a look at latest WeBid code, specifically selleremails.php, we see them doing an array_merge from $_POST to $user>user_data (user_data being a trusted array it would appear).
>> 
>> include 'includes/common.inc.php';
>> 
>> if (!$user->is_logged_in())
>> {
>> 	$_SESSION['REDIRECT_AFTER_LOGIN'] = 'selleremails.php';
>> 	header('location: user_login.php');
>> 	exit;
>> }
>> 
>> // Create new list
>> if (isset($_POST['action']) && $_POST['action'] == 'update')
>> {
>> 	$query = "UPDATE " . $DBPrefix . "users SET endemailmode = '" . $system->cleanvars($_POST['endemailmod']) . "',
>> 			  startemailmode = '" . $system->cleanvars($_POST['startemailmod']) . "',
>> 			  emailtype = '" . $system->cleanvars($_POST['emailtype']) . "'  WHERE id = " . $user->user_data['id'];
>> 	$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
>> 	$ERR = $MSG['25_0192'];
>> 	$user->user_data = array_merge($user->user_data, $_POST); //update the array
>> }
>> 
>> After staying up all night and working through this code, I came up with this test case:
>> <?php
>> $array1 = array("color" => "red");      
>> $array2 = array("color" => "test");
>> $result = array_merge($array1, $array2);
>> print_r($result);
>> ?>
>> Array
>> (
>>     [color] => test
>> )
>> 
>> So as we can overwrite any array value, we have SQLi across the application. Maybe a first 0day for hacktalk.net?
>> 
>> I will take your 'hella l33t', print it out, and then shit on it.
>> 
>> Suck my dick.
>> 
>> 
>> On Fri, Dec 21, 2012 at 10:12 AM, Benji <me@...ji.com> wrote:
>> You say "n00bz" welcome, where is my assistance and the warm atmosphere to embrace me into the world of script kiddy-ism? Oh, and the obvious literary genius.
>> 
>> 
>> On Fri, Dec 21, 2012 at 8:25 AM, Luis Santana <hacktalk@...ktalk.net> wrote:
>> Hella l33t bro, you can read an email address. Much propz
>> 
>> 
>> On Dec 21, 2012, at 3:22 AM, Benji <me@...ji.com> wrote:
>> 
>>> in other news, have you heard of the super cool site hacktalk.net where they almost have 1000 members?
>>> 
>>> 
>>> On Thu, Dec 20, 2012 at 3:13 PM, Luis Santana <hacktalk@...ktalk.net> wrote:
>>> Not a single fucking exploit on the entire site. gg sir, gg
>>> 
>>> 
>>> On Dec 10, 2012, at 2:17 PM, tig3rhack@...mail.org wrote:
>>> 
>>> > In Deep Web has created a new online site a few days ago that allows you
>>> > to sell even exploits, malware, etc. etc..
>>> > The site works like Ebay so everything is auctioned.
>>> >
>>> > you can get from tor: http://qatuopo4wmzkirlo.onion
>>> >
>>> > Or by proxy (tor2web): https://qatuopo4wmzkirlo.tor2web.org
>>> >
>>> > _______________________________________________
>>> > Full-Disclosure - We believe in it.
>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>> 
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>> 
>> 
>> 
>> 
> 
> 


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ