lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030718222018.22489.qmail@singapore.net>
From: morning_wood at singapore.net (Franks and Beans)
Subject: SUMMTERTIME 0d4y POPPYTOP PHP i get out of school YAY

NEW MAIL LIST START! 0D4Y@...isALLiKNOW.COM TO JOIN! YAY!!!
I LUB U MUMMY FOR NEW SERVER! YAY!!!!!!!


------------------------------------------------------------------
          - EXPL-A-2003-016 exploitlabs.com Advisory 017 
             [still, no one tell me what number mean! plz!!!]
------------------------------------------------------------------
                         -= PoppyTop PHP =-


Donnie Weinerzucker
July 18, 2003
I <3 XSS


Intro:
---------------
I sorry for posting no good before to list, my mommy say i special
and i think i go make every1 happy but they hate me, why!
i just want be elite hacker like mitnick but no one teach me exploit
they say "you learn" but i just want hack nasa .gov sites, and play
with my sub7 and trojans [e-mail me for trade sub7 LEGEND!]

help plzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz



ANTHONY AYKRUT! I LOVE UUUUUUUUUUUU!!!!!!!!!!!!!!!!!! MAKE ME BABY!!!

Vunerability(s):
----------------
1. XSS Vulnerability
2. Elite Hacker Stuff
3. Bad Code & Credit Stealing


Product:
--------
PoppyTop PHP script i make for friend
2 people use, me and him. pricate code
But i no code good, no know how to code at all
so i find exploit and now i share 0d4y!!@$!@$


http://exploitlabs.com/files/woods/poppyt-php.zip



Comments:
-------------------
I stupid fat head and have fat face and I only
have sex with my mouse and pet iguana

i coding new program called cornioPLP, it program
let you execute many thing from web. many wholes you
can find in it soon when i upload to me website
If u find wholes and you tell any1 i sue u cuz i can
do that cuz u bad person



Description of product:
-----------------------
"poppytop php program that allows you to edit your main index page 
on the fly through get or post to php script"
http://exploitlabs.com/files/woods/poppyt-php.zip
 Author: Donnie Werner

Requirements:
Webspace with PHP support.
have been developed over a Apache + PHP
platform running in Windows XP[sum1 give me linux shell plzzz i never use unix be4 i hear u hack on linux] 
and have not been fully tested because I don't knwo how code

ummm.. ok  hint: it runs on my box along with the backdoor on it



VUNERABILITY / EXPLOIT
======================
Another bad code page editor php script with many flaws...


1. XSS, if u edit u page and put:

"<SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie
);</SCRIPT>"

it go show u cookie! HAH why I so elite.
"the JS code is rendered / executed in the the users browser." [i copy 
from xss101 cause i no no english]

2. XSS Vunerabilities lay in everything that u change in
main index page. and no authentication so u can hack many
pages [mine and my friend]

3. backdoor on my computer and i hack and i no  know how to get rid of

4. I know elite trojan stuff in visual basic

5. I die and should suck



EXPLOIT CODE:
-------
input <script> above and hack everybody!

can sum1 teach me what so big about xss? i make popup but i no
know what to do then, how i do command? like "defaced by l33t h4cker w00d"

why u hate my limp arm


Local:
------
everything remote is local!!!

Remote:
-------
yup we got XSS and stuff via remote


Vendor Fix:
-----------
There is no fix on 0day because I don't know how to code. I make
the script i now make adv for, someone fix it or i sue u for hacking


Vendor Contact:
---------------
Yep, i contacted me self but i realize i faggoty head


Credits:
--------

Donnie Werner (morning_wood@...me4.com)
5685 Eagle Pky #2
Ferndale, Wa 98248
360-312-8011 ~ call me if you want to talk about XSS
SSN# 313-59-7823

I 38 and divorced 1 time [i beat her so she leab me,want see divorce papers?]
but i think i l33t so i hangout with 16 year olds on irc, YAYYYYYYYYYY

visit my sites!
exploitlabs.com (maybe some day i learn more than xss)
nothackers.org (the XSS 0y34r ph34r, "Freedom of voice" till you say something i no like)
and other lame sites that have nothing! 

Original advisory may be found at
http://exploitlabs.com/files/advisories/EXPL-A-2003-016-popfe.txt


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Goodbyes;

I make song about XSS, everyone look how elite;


"I love u, u love me, we're a happy family
with a pop up here and  pop up there
we make popups but dont know where to go from there"


YAY!!!!!!!! if u copy & put on u site i sue u cuz it copy write

No one contact me from defcon yet, plz defcon! i know xss in obscure scripts
nobody uses, i teach mad l33t stuff!



Greets;

Project cOd,  Donnie Weiner, w00w00[i know null technique]
badpack3t(i'm almost as lame as you! nice sploitz!), the cisco kyd, moot bailey,



0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 
   0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y
                        0d4y thinking caps on!

0D4Y EXPLOIT ON FULL DISCLOSURE ~ THEY MAIL YOU PASSWORD BACK IN CLEARTEXT
HAHAHAH HOW LAME THAT IS?!?!@?!@ HAHAHAHHA-ROFLMFAOHAHAHAHHAA


                XSS THE PLANET!!!!!!  YEAHHH!!!!!!!!!!! LUCY!!!!!
                
                                   THE END
-- 
_______________________________________________
Get your free email from http://www.singapore.net
Get US $10 Now: http://www.resource-a-day.com/members2/rsathyamurthy

Powered by Outblaze

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ