Open Source and information security mailing list archives
 
Message-ID: <f3605ab90712051131x3b2403aak44db0f3b499b72cc@mail.gmail.com>
Date: Wed, 5 Dec 2007 11:31:07 -0800
From: "Ham Beast" <i.am.hambeast@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: 0day XSS for MPAA.org

Olá Kristian Hermafroditas you useless fagot, shoes of clown are apparent.

Hambeast returned to specifically noted that, for someone who is
trying really hard to find a job (and NOT find) you really are much
not doing to endear themselves to potential employers. You pick a
fight with Microsoft (question: who is one of the largest in the
industry employers of 3rd party security consultants?) And then post
into the full disclosure all proud that you found a XSS on a site that
has no visibility LOGIN PAGE OR NOTHING and encourage the hacking for
this internet site and committing criminal activities.

His signature is so apt. You have no special talent. Or even any
skills or talents at all. Indeed, the only thing hambeast can see that
Kristian Hermafroditas is good is the appearance of a fucking idiot
and also to release the names of several other people in the security
industry that Hambeast believe has most likely never even heard of
your stupid faggoty auto.

I encourage everyone to the google for the "exploits", written by
Kristian Hermafroditas. It is very good for some laughs believe!

Basicamente, apply to Symantec as a helpdesk or support customer is
best chance for future you.

Moreover,
Hambeast would like to extend Greetings and Salutations on the return
of GOBBLES, I am very anxious to see your Matasano on blog. Finally
someone says Thomas Ptacek to SHUT THE UP FUCK AND CLOSE HIS FAT
FUCKING MOUTH STUPID. Hoorah! (Hambeast the name fat stupid mouth
Thomas Ptacek is from !)

On 12/4/07, Kristian Erik Hermansen <kristian.hermansen@...il.com> wrote:
> As many of you have heard, the MPAA themselves are violating the GNU
> GPL.  Such hypocrisy from a company which claims they adhere to
> copyrights :-)  In protest, I took exactly 7 seconds to locate an XSS
> in their website and am posting it for your perusal.  Maybe someone
> can use it in an email to an MPAA staff member, and perhaps can modify
> the payload to steal credentials for some MPAA admin interface.  And
> perhaps then, after gaining MPAA credentials, this person can modify
> the MPAA website.  And perhaps after that, we can all laugh at the
> MPAA yet again in their quest to sue 12 year old kids for downloading
> MP3 files...
>
> There are many more XSS on their site.  Everyone knows that if you
> find one bug on top (without much effort), there are many more
> security issues hiding beneath the surface.  I leave it up to the
> MPAA-haters out there to dig deeper and use it to "influence" the MPAA
> website...
>
> Here's one for the 'txtsearch' search field on the main page at
> MPAA.org in the top right-hand corner where it says 'Find the rating
> of a film'...
> ERR"></tr></table></td><script>alert('xss');</script>
> --
> Kristian Erik Hermansen
> "I have no special talent. I am only passionately curious."
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
