lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAY12-F111YmRG62jZ400007827@hotmail.com>
Date: Wed, 16 Jun 2004 03:39:18 +0000
From: "Mr. Anderson" <dt_student@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Singapore password file exploit


June 13 2004

There is a vulnerability in the software package of Singapore.
Say hello to theyr website: http://singapore.sourceforge.net/
This effects every version thye have made.

QUOTE OF THEIR DAY: (a while ago)_

"It is now a little over a year since singapore was first released on 
SourceForge.net. In that time it has grown from a simple script used on a 
single site to a fully fledged image gallery used on thousands of sites 
around the world."

BAD NEWS TOSE SIGHTS ARE ALSO NOW AL HACKED

In the singapore folder you are browsing on a website, go to: 
folder/data/adminusers.csv

Hello password files, with my 3.2 ghz extreme p4 i can crack you in miutes 
of time/.(md5 hash = lol )

This exploit can be fixed by putting access restrictions on the 
adminusers.csv file, something that almost nobody has done. The software 
does NOT do it on its own.

google has a nice list of the sitez which are now under hacker control:

http://www.google.com./search?hl=en&ie=UTF-8&q=%22Powered+by+singapore%22

other search sites i enjoy like dogpile find more.

What is importnat here is not the IMAGES getting hacked nobody cares about 
htat, lots of admins use the same pass of singapore on the FTP server or 
website ADMIN. try the passwords there and this site is now taken over from 
illegal hacking.

Thanksyou for your time this exploit is the first from my group known on the 
internet and lunix channels as www.wehack.com

~`TOBY`~

_________________________________________________________________
Watch the online reality show Mixed Messages with a friend and enter to win 
a trip to NY 
http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/01/



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ