From: meme-boi at nothotmail.org (meme-boi)
Subject: 0 day morning wood style
-[[Morning Wood Style "0-day/0-sec" extravaganza!!]]-
- shouts to wood for re-defining the term
"0day" who needs solar designer!
[[[Table of Contents]]] ---------------------
(1)Computercops Security Pro Toolkit - VULN
Computercops.biz
(2)Cyberarmy Surf Safe Env Checker -VULN
(3)Closing
----------------------------------------------
--[ 1 ]:: Computercops.biz (security professionals)
Computer Cops Security Professional Toolkit
Fun for the whole family!
"Because Security is Everything"
--[Path and function disclosure vulnerability:
Computercops run several internet security
tools available online like trojan scanner,
nmap scanner and many other very professional
tools for security professionals.
--[Path Disclosure in Professional trojan scan thing:
http://www.computercops.biz/firewall/Trojan_TCP_Scan/Scan.php
When scanner fails to connect to a port we get "O-day"
in custom professional script ccspTrojans.php:
/home/www/computercops/modules/Trojan_TCP_Scan/ccspTrojans.php on line 137
--[Dangerous Function Revelation:
We also see:
Warning: fsockopen() [function.fsockopen]: php_hostconnect: connect
using fsockopen()
fsockopen() is well known to cause memory leaks and cause
server abend
ask frog man about this
--[ 1b ]
--[Path Disclosure in Professional TCP scan thing:
/home/www/computercops/modules/TCP_Scanner/ccspScan.php on line 61
When scanner fails to connect to a port we get O-day
in custom professional script.
--[Dangerous Function Revelation:
We also see:
Warning: fsockopen() [function.fsockopen]: php_hostconnect: connect
using fsockopen()
fsockopen() is well known to cause memory leaks and cause
server abend
Ask frogman about this
--[ Also Problematic:
Professional NMAP and UDP things for the above reasons
--[ Vendor Status:
Not notified, I was in fear of arrest and detention
by Computer Security Police Professionals
--[ Recommendation:
I highly recommend the Computer Cops Security Professional Toolkit
for high professionalism.
--[ 2 ]:: Cyberarmy
Cyberarmy Surf Safe Project
http://surfsafe.cpc-net.org
"The SurfSafe campaign is a project created by
the Cyberarmy Privacy Commission (CPC)"
"We, the CPC, are a non-profit organization geared
to protecting the privacy of the Internet user"
^ cure thyself physician
--[ Path Disclosure and Poor Input Checking:
"We have provided the following tools and service
to help improve the safety of your on-line
Internet experience".
-Environment Checker
We send random string to specially crafted environment
checking script like so:
http://surfsafe.cpc-net.org/modules.php?op=modload&name=Tools&file=/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////envcheck
Result:
Warning: Failed opening
'modules/Tools/_____________________________________________________________________________________________________________________________________________________________________________________________proxies.php'
for inclusion (include_path='.:/usr/local/lib/php') in
/home/cpc-net/public_html/surfsafe/modules.php on line 16
--[verdict:
Environment checker does not check its own environment
--[ 3 ]:: Closing
After the last 15 minutes of intense auditing and investigation, I have
become convinced that I, a lowly Wal-mart janitor, can also become a
professional network security auditor and provide many critical insights
that are detrimental to the infrastructure of information security.
I will be submitting a complete rewrite of the OISAFETY draft as well
as an in-depth expose' of format string vulnerabilities in WalMarts'
BEETLE-Win/DSS POS systems soon.
Summer of the Sickness is drawing near.......
Copyright © 2003, Paper Street Soap Company, Inc.