Message-ID: <20060615215550.64863.qmail@web53508.mail.yahoo.com>
Date: Thu, 15 Jun 2006 14:55:50 -0700 (PDT)
From: us3rg0d <us3r_g0d@...oo.com>
To: bugtraq@...urityfocus.com
Subject: PTT.yu Guestbook Vulnebility


==============================
PTT.yu Guestbook Vulnerability
==============================
Discovered by: us3rg0d 
Mail: us3r_g0d@...oo.com
Site: www.us3rg0d.tk
      www.cformatkrew.tk

greetz: m3t4b0l1c,Fu3g0,DELTA,Phantom,NeshYu,
skull_boy,Orwell,MetalBOY,[YesPeace],Intruder,
Loading_3rr0r,DrNoise
fuckz: PC_TEROR (virus-x, erol-s)
============================

All PTT users who have FTP access have a PTT.yu guestbook.
Here is the simple URL that all ptt.yu users use:
-------------------<CUT>------------------
http://www.ptt.yu/korisnici/[1st LETTER OF USERNAME]/[2nd LETTER OF USERNAME]/[COMPLETE USERNAME]/guestbook.htm(l)
-------------------</CUT>------------------

The vulnerable source code of upis.htm (which is used to
sign the guestbook) looks like this:

-------------------<CUT>------------------
<form action=http://www.ptt.yu/cgi-bin/guestbook.cgi method=post name=pad target=frame>
        <input type=hidden name=realname value=' '>
        <input type=hidden name=comments value=' '>
        <input type=hidden name=handle>
        <input type=hidden value=[USERNAME] name=owner>
</form>
-------------------</CUT>------------------

This means that all guestbooks use guestbook.cgi to
post messages. After you go to guestbook.cgi and view
the source code, you will see that this script has no
flood protection, so you can flood it right after you
find out how it works.
So, to sign the guestbook of some user, you just need
to use:
-------------------<CUT>------------------
http://www.ptt.yu/cgi-bin/guestbook.cgi?[USERNAME]
-------------------</CUT>------------------

Using this kind of flood attack results in a buffer
overflow.
So make a simple program that fills this field, or
use one of the 3 exploits that I made in Visual Basic.
You can download them from:
http://us3rg0d.50webs.com/pttgdos.rar
http://us3rg0d.50webs.com/massptt.zip
http://us3rg0d.50webs.com/pttfl00d.zip
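
A server-side gate that supplies the flood protection the post says guestbook.cgi lacks, as an added example that is not part of the original post and not PTT.yu's code: it accepts only POST, caps the length of the four fields from the upis.htm form, and rate-limits per client address and guestbook owner. The class name, all limits and the sample requests are assumptions.

```python
import time
from collections import defaultdict, deque

# Field names are those of the upis.htm form; every limit is an assumed value.
MAX_LEN = {"realname": 64, "comments": 2000, "handle": 64, "owner": 32}
WINDOW_SECONDS = 60        # sliding window length
MAX_POSTS_PER_WINDOW = 3   # accepted posts per (client, owner) per window

class GuestbookGate:
    """Hypothetical pre-check run before a guestbook entry is stored."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._recent = defaultdict(deque)  # (client_ip, owner) -> accept times

    def check(self, method, client_ip, fields):
        """Return (accepted, reason) for one submission."""
        if method != "POST":               # the form posts; refuse anything else
            return False, "method"
        for name, limit in MAX_LEN.items():
            if len(fields.get(name, "")) > limit:
                return False, "too_long:" + name
        owner = fields.get("owner", "")
        if not owner:
            return False, "owner"
        now = self._clock()
        seen = self._recent[(client_ip, owner)]
        while seen and now - seen[0] >= WINDOW_SECONDS:
            seen.popleft()                 # forget posts older than the window
        if len(seen) >= MAX_POSTS_PER_WINDOW:
            return False, "rate"           # rejected posts do not extend the window
        seen.append(now)                   # a real service would also evict idle keys
        return True, "ok"

def demo():
    """Replay constructed requests against a fake clock and return the reasons."""
    t = [0.0]
    gate = GuestbookGate(clock=lambda: t[0])
    form = {"realname": "Ana", "comments": "hi", "handle": "", "owner": "exampleuser"}
    out = []
    for _ in range(5):                     # five posts, one second apart
        out.append(gate.check("POST", "192.0.2.10", form)[1])
        t[0] += 1
    t[0] += 60                             # wait out the window
    out.append(gate.check("POST", "192.0.2.10", form)[1])
    out.append(gate.check("GET", "192.0.2.10", form)[1])
    out.append(gate.check("POST", "192.0.2.11", dict(form, comments="A" * 5000))[1])
    return out
```

Calling `demo()` returns one reason string per constructed request, so the rate and length decisions can be checked without a web server.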
