From: leseulfrog at hotmail.com (Frog Man)
Subject: Fw: ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT !

This advisory was not written by me. It's a fake.

bye
frog-m@n

>----- Original Message -----
>From: <frogman@...log.org>
>To: <full-disclosure@...ts.netsys.com>
>Sent: Monday, July 05, 2004 9:20 PM
>Subject: [Full-Disclosure] ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT !
>
> > This is IHCTEAM material. We fuck blackhats and we own the planet. This is
> > a leet advisory, s0 l33t. Just read it and be quiet.
> >
> > ---------------------------
> >
> > IHC TEAM private work, all the fame become to IHC TEAM and the leetest mr.
> > Frog-m@n !!!!
> >
> > Product: PHP
> > Version: all
> > Security level: Very high baby !!!
> >
> >
> > What's the problem ?
> > ==================
> >
> > There is a BIG 1337 BUG 0day in all the php versions for ever never. This
> > bug is caused by
> > the system() function. This is a very VERY 3v1l backdoor, that allows
> > execution of
> > arbitrary shell command. This backdoor has been coded by ZyXyS from HACK3R
> > c0rp0r4ti0n (c) (TM) (R).
> >
> > Because we want fame, we'll explain you da bug:
> > l00k at th1s 3v1l code:
> >
> > <?
> > system("$cmd");
> > ?>
> >
> > *TADAAAA* !
> >
> >
> > If this code is on a webserver, a malicious user (like ZyXyS) can exec
> > EVERYTHING and own EVERYWHERE.
> > Example:
> > www.thc-is-lame.org/page.php?cmd=ls%20/tmp
> >
> > It will give you:
> >
> > tmp-shells-owned-with-THC-Hydra-fucking-lame-kiddy-tool.txt
> > adore.tar.gz
> > last-10-leaked-exploits.tar.gz
> >
> >
> > You see, you can rock.
> > So, at this point we can see that ZyXyS is a very leet guy: THIS BACKDOOR
> > is less detectable than
> > a LKM BACKDOOR like adore.tar.gz (<--- hahaha).
> >
> > I release this vulnerability because the K-otik team (www.k-otik.com)
> > owned ZyXyS 10 days ago
> > (after the fbi) and discovered the backdoor, and k-otik wanted to write an
> > advisory, ONLY FOR FAME
> > AND MONEY. I want this fame (but for the money, I don't mind, I am rich
> > because I sell 0day,
> > traded on #darknet, to idefense), so I had to release the bug before K-otik.
> > k-otik is like hack.co.za, they release everything and nothing, but they
> > can't code their own exploit.
> >
> >
> > Greets:
> > ======
> >
> > Rudolf Polzer (divzero@...il.com): Thank to his idea to disclose this bug
> > and if you have another idea
> > for us mail me
> > packetstormsecurity: they give us kiddie-friendly exploits and mass rooters
> > spender: he sells good security patches
> > isec: now my grandmother can r00t linux boxes
> > bugtraq: they leak bugs found by ugly blackhats, which worked a lot of
> > time to discover them
> > espionet guys: they represented very well the hacker scene in a TV show
> > with their netbus
> > (please don't open my cdrom device guys)
> >
> >
> > Fame:
> > ====
> >
> >
> > We already owned everyone and everything with these exploits years ago,
> > and in
> > fact we've all had them sitting on the shelf gathering dust due to lack of
> > new targets.
> >
> > FUN TESTED IDEAS:
> >
> > www.team-teso.net (down because of us)
> > www.thc.org (haha owned 10 times)
> > www.securityfocus.com
> >
> >
> > It was very funny to read .gov and .mil files.
> >
> > WARNING !!!
> >
> > /!\ WE ARE LOOKING FOR A JOB IN THE SECURITY RESEARCH /!\
> >
> > Visit us:
> >
> > www.ihcteam.com
> > www.newffr.com
> > www.espionet.net
> > www.underground-fr.org
> > www.phpsecure.com
> >
> >
> > ---------------------------
> >
> > We n33d f4me, m0n3y, g1rls and m0nk3ys, so VIVA EL DISCLOSURO.
> >
> > ---- fr0g-m@n ----
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html