lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.43.0311041035050.5491-100000@tundra.winternet.com>
Date: Tue, 4 Nov 2003 10:37:39 -0600 (CST)
From: Ron DuFresne <dufresne@...ternet.com>
To: advisory@...fiweb.de
Cc: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>,
   "full-disclosure@...ts.netsys.com" <full-disclosure@...ts.netsys.com>
Subject: Re: Re: Virginity Security Advisory 2003-002 : Tritanium Bulletin
 Board -    Read and write from/to internal (protected) Threads



Yes, but, you had to expect this, it had to comeup as the 'group' name was
being decided upon.

Of course, the debate of virgin state of computers is certainly not a null
nor moot issue either, do you know where yer laptop plays afterdark?!

Anyways, thanks for the laugh, I look forward to more ribbing as the
'group' parses out more virgins.

Thanks,

Ron DuFresne

On 4 Nov 2003 advisory@...fiweb.de wrote:

> Just look for "Virginity Security Advisory 2003-001"
>
> Besides: We do not secure virgins, our group name is just
> Virginity Security Research Center what has nothing to do with the human virginity but with the virginity of computers!!
>
> Am 03.11.2003 17:53:03, schrieb Ron DuFresne <dufresne@...ternet.com> :
>
> >
> > When did we start securing virgins?!?
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > On 31 Oct 2003, Virginity Security wrote:
> >
> > >
> > >
> > > - - - --------------------------------------------------------------------
> > > Virginity Security Advisory 2003-002
> > > - - - --------------------------------------------------------------------
> > >              DATE : 2003-10-31 22:59 GMT
> > >              TYPE : remote
> > > VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 (http://www.tritanium-scripts.com/)
> > >            AUTHOR : Virginity
> > > - - - --------------------------------------------------------------------
> > >
> > >
> > > Description:
> > >
> > > I found a security bug in Tritanium Bulletin Board:
> > > Normal Users can read the content of Threads to which they have no access rights!
> > > (and can answer to it which may be a problem if the internal forum has the right to insert html code)
> > >
> > > Author of the Software has been notified.
> > >
> > > - - - --------------------------------------------------------------------
> > >
> > >
> > > Example:
> > >
> > > http://[target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO READ]&forum_id=[ID OF FORUM]&sid=[your sid]
> > >
> > > Shows the window where The Attacker can answer to the topic and below that a window with the content of the thread!!!
> > > The Attacker can easily read all protected Threads since the thread_id is counted for every forum newly so just put from 1 on upwards :-)
> > >
> > > - - - --------------------------------------------------------------------
> > >
> > >
> > > Solution:
> > > Hey sorry this time i had no time for a solution :-)
> > >
> > > - - - --------------------------------------------------------------------
> > >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation." -- Johnny Hart
> > 	***testing, only testing, and damn good at it too!***
> >
> > OK, so you're a Ph.D.  Just don't touch anything.
> >
> >
> >
>
> -------
> Gesendet mit
> Konfiweb.de
> >und du siehst die Dinge anders
>
>
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ