| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030615065004.77396.qmail@web11401.mail.yahoo.com> From: xillwillx at yahoo.com (w g) Subject: Infobot-backdoor "'Maybe we should have 2 lists instead of 1; full-discolure and full-disclosure-diapers'" i wanna be on the 'full-discolure' list , me no likey diapers... and yes some morons like yourself do install default when they dont know what the fuck they are doing ... so sit down ,shut the fuck up and quit your bitchin. kthnx Vanja Hrustic <vanja@...ox.com> wrote: On Sat, 14 Jun 2003 21:05:03 -0700 "morning_wood" wrote: > ------------------------------------------------------------------ > - EXPL-A-2003-007 exploitlabs.com Advisory 007 > ------------------------------------------------------------------ > -= infobot =- > > Vunerability: > ---------------- > 1. Remote Access Remote access to what? > by default there are two user names in infobot.users not commented out > > quote from from the infobot.conf file... It is infobot.users file, actually, as you mentioned earlier. Quote from README, at the top of the file (can't miss it, if you know how to read): "You will need to update your infobot.config and infobot.users. See the example files." You *really* have to be stupid in order to install default config/users file. > it seems the authors have provided themselves with a nifty backdoor... > or any one who can match these credentals in the user database > infobot.users This list seems to be overloaded with children between 13 and 15 years of age. Maybe we should have 2 lists instead of 1; full-discolure and full-disclosure-diapers What's your next advisory? "./configure; make; make install" copies files to predictable location !? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html --------------------------------- Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030614/b36b3cd9/attachment.html
Powered by blists - more mailing lists