Open Source and information security mailing list archives
 
Message-ID: <44149C41.5080604@heapoverflow.com>
Date: Sun Mar 12 22:10:23 2006
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: Advisory 2006-03-12 Gay Slut Overflow CRITICAL
	dismallest in Immunitysec Dave Aitel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Yep, I have some little info on this: the admin at c0replay showed me
an .sql with a malicious script
********************************************************************************
- -- Dumping data for table `advisorytype`
- --

INSERT INTO `advisorytype` VALUES (1, 'Directory Transversal', 'Remote
exploitation of a directory traversal vulnerability in [product] could
allow attackers to overwrite or view arbitrary files with
user-supplied contents.');
INSERT INTO `advisorytype` VALUES (2, 'DoS Vulnerability', 'Sending a
specially crafted  malformed  packet to the services communication
socket can create a loss of service.');
INSERT INTO `advisorytype` VALUES (3, 'Integer Overflow', '[product]
incorrectly parses integer data, and this can be used to execute
arbitrary code.');
INSERT INTO `advisorytype` VALUES (4, 'Heap Overflow', 'It is possible
to make [product] crash or run arbitrary code by the use of malformed
input.');
INSERT INTO `advisorytype` VALUES (5, 'Buffer Overflow', 'It is
possible to make [product] crash or run arbitrary code by the use of
malformed input.');
INSERT INTO `advisorytype` VALUES (6, 'Off-by-one', 'It is possible to
make [product] crash by the use of malformed input.');
INSERT INTO `advisorytype` VALUES (7, 'Local Privilege Escalation
Vulnerability', '[product] incorrectly validates user input, making
privilege escalation possible.');

- -- --------------------------------------------------------

- --
- -- Table structure for table `fdmail`
- --

CREATE TABLE `fdmail` (
  `id` int(10) NOT NULL auto_increment,
  `Name` varchar(100) NOT NULL default '',
  `Email` varchar(100) NOT NULL default '',
  PRIMARY KEY  (`id`)
) TYPE=MyISAM AUTO_INCREMENT=2958 ;

- --
- -- Dumping data for table `fdmail`
- --

INSERT INTO `fdmail` VALUES (2078, 'Josh perrymon',
'perrymonj@...workarmor.com');
INSERT INTO `fdmail` VALUES (2077, 'Valdis.Kletnieks@...edu',
'Valdis.Kletnieks@...edu');
INSERT INTO `fdmail` VALUES (2075, 'Dave Korn',
'davek_throwaway@...mail.com');
INSERT INTO `fdmail` VALUES (2076, 'str0ke', 'str0ke@...w0rm.com');
INSERT INTO `fdmail` VALUES (2073, 'Morning Wood',
'se_cur_ity@...mail.com');
INSERT INTO `fdmail` VALUES (2074, 'Bipin Gautam',
'gautam.bipin@...il.com');

etc etc etc
***********************************************************************************

I'm not sure, but it looks like they have been hacked through the board
with an SQL injection, possible private bug, I dunno, but I know the
maintainer of this website and they aren't responsible for this.


Stan Bubrouski wrote:
> Not to mention all the messages come through www.c0replay.net
> assuming that part of the headers are accurate.  If you'll recall
> the same domain was used to spoof a message from Steven Rakick on
> March 4th. Seems some little kiddie in the UK (assumption warning!)
> is going to be paying some fines.  I wouldn't exactly call it smart
> to slander dozens of people... and moderation has never seemed more
> necessary.
>
> -sb
>
> On 3/12/06, Nicob <nicob@...ob.net> wrote:
>> On Sunday, 12 March 2006 at 01:08 -0800, dismallest dismallest wrote:
>>> APPENDIX B. - References
>>> http://bantown.com/banforge/release.rar
>> http://bantown.com/ : "Our website was recently hacked [...]"
>>
>> and
>>
>> http://64.233.179.104/search?q=cache:1F21krhKFHEJ:bantown.com/banforge/
>>
>>
>> Index of /banforge
>>
>> Parent Directory          23-Feb-2006 22:51      -
>> BPL.txt                   20-Aug-2005 15:08     4k
>> LJiggaboo1.0.1rc2.tgz     21-Jan-2006 13:10   142k
>> Ljflooder2.pl             07-Aug-2005 05:07     5k
>> PhpBBreg-FIXEDLOL.py      08-Aug-2005 23:11     1k
>> banbot.pl                 16-Aug-2005 11:36    15k
>> fla.sh                    16-Aug-2005 11:22     2k
>> flu.shot                  19-Aug-2005 11:04     3k
>> gaffler3.tar.gz           09-Aug-2005 02:30   123k
>> phpBBroke-0.1.tar.gz      09-Oct-2005 13:35   383k
>> phpBBroke/                27-Sep-2005 16:47      -
>> phpbb_captcha.c           24-Jan-2006 03:16    21k
>> pw-lolercaust-0.2.tar.gz  10-Oct-2005 03:38     2k
>> rsshithead.tgz
>>
>>
>> Nicob
>>
>> _______________________________________________ Full-Disclosure -
>> We believe in it. Charter:
>> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
>> sponsored by Secunia - http://secunia.com/
>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (MingW32)
 
iD8DBQFEFJxBFJS99fNfR+YRAj5EAJ9CSGssylC2ErrXD+VmVKxmLOOzMQCcDJwQ
ESS9D2SCfNJ+phvLzenoCqQ=
=eQ8x
-----END PGP SIGNATURE-----
