From: se_cur_ity at hotmail.com (morning_wood)
Subject: W-Nikto PHP FrontEnd

the satire is appreciated, the truest form of flattery..

thanks b0iler

donnie

----- Original Message -----
From: "morning_wood Weinerzucker" <morning_wood@...gapore.net>
To: <full-disclosure@...ts.netsys.com>; <0day@...hackers.org>
Sent: Thursday, July 17, 2003 6:22 PM
Subject: [Full-Disclosure] W-Nikto PHP FrontEnd

> I go start new mail list where we can all frolick with fake exploit and XSS! who wanna join?!! Now 0d4y
>
> ------------------------------------------------------------------
> - EXPL-A-2003-015 exploitlabs.com Advisory 016 [i dunno what these number mean]
> ------------------------------------------------------------------
> -= w-nikto phpFE =-
>
> Donnie Weinerzucker
> July 17, 2003
> I release advisory of my own scripts! thats how l33t I am
>
> Vunerability(s):
> ----------------
> 1. Remote Commands Execution
> 2. XSS Vulnerability
> 3. File PERmission issues
> 4. Bad Code & Credit Stealing
>
> Product:
> --------
> Wnikto32 PHP Remote Frontend
>
> http://exploitlabs.com/files/woods/wnikto32-phpfe.zip
>
> Comments:
> -------------------
> No Blame Me Because I Make Script. I not make nikto
> not my fault, i just code bad frontend, blame nikto for
> do nothing to protect againt my bad coding.
>
> almost like inf-scan. no blame me for working on code
> and putting it out as mine then exploiting it, not my
> fault i can not code
>
> Description of product:
> -----------------------
> "Wnikto32(vuln scanner i compiled, i l33t) with php remote frontend avail at
> http://exploitlabs.com/files/woods/wnikto32-phpfe.zip
> Author: Donnie Werner
>
> Requirements:
> Webspace with PHP support.
> have been developed over a Apache + PHP
> platform running in Windows XP[me never used unix] and have not been fully tested
> because I don't knwo how to code
>
> ummm.. ok hint: it runs on most anything with php installed
>
> VUNERABILITY / EXPLOIT
> ======================
> Another very lame "scanner" frontend type of php script with many flaws...
>
> 1. REMOTE COMMAND EXECUTION in the execution of the w-nikto.exe,
> the frontend passes all input unfiltered.
>
> 2. XSS Vunerabilities lay in everything that give output
>
> "<SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie
> );</SCRIPT>"
>
> the JS code is rendered / executed in the the users browser.
>
> 3. No authentication at all done giving anyone remote command access
>
> 4. I can't code and only know XSS
>
> 5. I suck and should die
>
> EXPLOIT CODE:
> -------
> input | or ; surrounding most input
>
> see, I know exploit is. you tell me i no know exploit, hah
>
> Local:
> ------
> everything remote is local!!!
>
> Remote:
> -------
> yup we got XSS and stuff via remote
>
> Vendor Fix:
> -----------
> There is no fix on 0day because I don't know how to code(look
> at what I call advisories, me code?! HAH)
>
> Vendor Contact:
> ---------------
> Yep, and he got mad and pissed his pants while crying for his mother
>
> Credits:
> --------
>
> Donnie Werner (morning_wood@...me4.com)
> 5685 Eagle Pky #2
> Ferndale, Wa 98248
> 360-312-8011 ~ call me if you want to talk about XSS
>
> visit my sites!
> exploitlabs.com (maybe some day i learn more than xss)
> nothackers.org (the XSS 0y34r ph34r, "Freedom of voice" till you say something i no like)
> and other lame sites that have nothing!
>
> Original advisory may be found at
> http://exploitlabs.com/files/advisories/EXPL-A-2003-015-phpfe.txt
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Goodbyes;
>
> I only know XSS, thats why you can look at every script i review and find
> alot more holes in them. I can scroll on IRC! I never seen a unix, i think it's
> some kinda blackhat thing. I got exploit code! but only fake and exploit for my
> own scripts I make. Maybe someone can e-mail me and tell me how to do dns because
> I dont know how people can visit my site with www.! lately I complain because
> nobody see that im "special"(i lub u mommy!) and servers should never start, I also
> release programs but I dont know how to code. Just call me the unpatched xp kid!
> I got hacked but i dont know yet... i got lots of porn e-mail me for trade. I got my
> chan all logged, ask for logs and you can see how i know nothing.
>
> If anyone saw my post in the "Invaded by morons" discussion, just ignore that
> my comments of "And I think most of you may be in for a big supprise sometime
> in a few weeks from me.... im so incompitent.. sheesh", I also thought my lame
> Zope information disclosure/xss was going to make me famous! Because I want to
> speak at defcon on how im so elite at XSS that i release it 0d4y! WOOHOO FOR ME
>
> Greets;
>
> Project cOd, Donnie Weiner, w00w00[u know aim technique, teech aim xss?]
> badpack3t(i'm almost as lame as you! nice sploitz!), the cisco kyd, moot bailey,
>
> 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y
> 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y
> 0d4y thinking caps on!
>
> 0D4Y EXPLOIT ON FULL DISCLOSURE ~ THEY MAIL YOU PASSWORD BACK IN CLEARTEXT
> HAHAHAH HOW LAME THAT IS?!?!@?!@ HAHAHAHHA-ROFLMFAOHAHAHAHHAA
>
> XSS THE PLANET!!!!!! YEAHHH!!!!!!!!!!! LUCY!!!!!
>
> THE END
>
> --
> _______________________________________________
> Get your free email from http://www.singapore.net
> Get US $10 Now: http://www.resource-a-day.com/members2/rsathyamurthy
>
> Powered by Outblaze
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html