| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: Supposed SaS "encryption" weak - Coments and Infor about wrong claims
Dear Paul,
I've testing your exploit ( good one ) for the supposed html encryption weak
of SaS.
I think yo toke the exploit/perl script from a developers site because SaS
is using an standard of encoding,
here is the proof :
variables for function _fwk_filter_encrypt($content)
$table = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_@";
$xor = 165;
as you see it's not encryption , so , you didn't cracked nothing....
you decoded it !
the script its not for protect sites information such as passwds or usrnames
, etc , it is stupid to use it for those things.
It is only a low protection for people that copy contents ( people that its
only interested in copying things ) and its not
for critical uses.
Another thing:
here is the code for prepare tables of encoding characters:
$table = array_keys(count_chars($table, 1));
$i_min = min($table);
$i_max = max($table);
for ($c = count($table); $c > 0; $r = mt_rand(0, $c--))
array_splice($table, $r, $c - $r, array_reverse(array_slice($table, $r,
$c - $r)));
the encode sequence:
$len = strlen($content);
$word = $shift = 0;
for ($i = 0; $i < $len; $i++)
{
$ch = $xor ^ ord($content[$i]);
$word |= ($ch << $shift);
$shift = ($shift + 2) % 6;
$enc .= chr($table[$word & 0x3F]);
$word >>= 6;
if (!$shift)
{
$enc .= chr($table[$word]);
$word >>= 6;
}
}
if ($shift)
$enc .= chr($table[$word]);
--- THE FINAL DECODE SEQUENCE ----
// Decode sequence
$tbl = array_fill($i_min, $i_max - $i_min + 1, 0);
while (list($k,$v) = each($table))
$tbl[$v] = $k;
$tbl = implode(",", $tbl);
$fi = ",p=0,s=0,w=0,t=Array({$tbl})";
$f = "w|=(t[x.charCodeAt(p++)-{$i_min}])<<s;";
$f .= "if(s){r+=String.fromCharCode({$xor}^w&255);w>>=8;s-=2}else{s=6}";
----
You see ?
xD
So definately not encryption ,
you are wrong....
encoding , i know , is a shit form to protect things but its the easier and
fast form to bind a low protection system for contents.
here is the javascript used:
$r.= "function decrypt_p(x){";
$r.= "var l=x.length,b=1024,i,j,r{$fi};";
$r.=
"for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){{$f}}do
cument.write(r)}";
$r.= "}decrypt_p(\"{$enc}\")";
CONCLUSIONS:
- I think , i can be sure checking this later , you copied the exploit code
from a developers site.
- You were first wrong saying that the Encryption system is cracked , asyou
see you dind't cracked nothing !!
you decoded a simple xor sequence w00w!
- Your claims saying i have lots of free time for [-] other sites[-] its
completely inapropiatted,
first of all:
- i don't make these things for famous , just for fun and hobby
- i don't say false things
- sometimes i'm wrong ( i'm human ) or lots of times ! but the important
thing is that i recognice my errors.
--
Thank you and next time do a better research.
Best regards to all the members of Ful-Disclosure.
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________
Powered by blists - more mailing lists