| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1310916480.31226.YahooMailClassic@web121503.mail.ne1.yahoo.com>
Date: Sun, 17 Jul 2011 08:28:00 -0700 (PDT)
From: Xa Buri <xaburi@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: SOngs.pk Hacked ! By Indian Hacker Team (Due
to Mumbai Terror)
Mumbai Blast death Toll - Approx 20 <-- People actually DIED there.
In retaliation ----> songs.pk was defaced
Wow!!!
Shut the f*%k up and go die, bloody skids. If you want to advertise ur n4m3s there are better ways than using blasts as an agenda, do something technical for a change.
- Xa
From: Silic0n <science_media017@...oo.com>
Subject: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
(Due to Mumbai Terror)
To: full-disclosure@...ts.grok.org.uk
Message-ID:
<1310747999.26056.YahooMailClassic@...110109.mail.gq1.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"
http://songs.pk/usersonline/usersonline.php
Hacked
BY:Mr52, R00t_d3vil , InX_rOot , -[SiLeNtp0is0n]- ,Lucky, Silic0n , Ne0_h4ck3r , dodo, and Team ICA
Pray for all the innocent victims of Mumbai attack ..
This is a small answer from All Indians.. Remember we are Together..
You can just kill innocent people .. Women & Childrens..
But There is no Future for you.. We are coming with huge speed..
Corruption will be under control.. Every Indian will have Money n Power..
Then there will be no one to Save you..
You are dirty stamp on Pure Islam.. Try to Understand & Respect it..
Just Remember We are coming
Bye ..
Exit
_
?
Submit Your comment here ..
Use Proper language.
?
Comment here? http://www.anvilbook.com/guestbook.php?mumbai
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110715/16ed9799/attachment-0001.html
------------------------------
Message: 2
Date: Fri, 15 Jul 2011 21:59:04 +0300
From: Georgi Guninski <guninski@...inski.com>
Subject: Re: [Full-disclosure] Spooks really call em "Whizz" and "do
cyber"
To: Jacqui Caren-home <jacqui.caren@...world.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID: <20110715185904.GB1798@...okote.iziade.m$>
Content-Type: text/plain; charset=utf-8
On Wed, Jul 13, 2011 at 07:52:15PM +0100, Jacqui Caren-home wrote:
> "I need some real internet whizzes in order to do cyber ..."
> "I probably have to do better than I am doing at the moment, or else my internet whizzes are not going to stay? and we do have a steady drip, I am afraid. "
>
> http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8635959/Whizz-kids-deserting-the-spy-world-as-threat-of-attacks-increases.html
>
> Jacqui
>
> For the non brits here, the translation is - s/Cyber/pork barrel/gsi
>
> Evidently EDS (HP) are getting 2BILLION UKP funding via GCHQ real soon now...
>
> http://www.theregister.co.uk/2011/07/13/interception_modernisation_returns/
>
god save h-america and the uk...
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
------------------------------
Message: 3
Date: Sat, 16 Jul 2011 01:35:05 +0530
From: webDEViL <w3bd3vil@...il.com>
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
(Due to Mumbai Terror)
To: Silic0n <science_media017@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID:
<CAPgDQaKU29nvLrcq5SR6kcURHH6OF8w1zTsERsoMLZnpXPohwg@...l.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
I always had a feeling pirates were behind such attacks.
But music pirates seems to be a bit too much.
On Fri, Jul 15, 2011 at 10:09 PM, Silic0n <science_media017@...oo.com>wrote:
> http://songs.pk/usersonline/usersonline.php
>
> Hacked
>
> BY:*Mr52, R00t_d3vil , InX_rOot , -[SiLeNtp0is0n]- ,Lucky, Silic0n ,
> Ne0_h4ck3r , dodo, and Team ICA *
>
> Pray for all the innocent victims of Mumbai attack ..
> This is a small answer from All Indians.. Remember we are Together..
> You can just kill innocent people .. Women & Childrens..
> But There is no Future for you.. We are coming with huge speed..
> Corruption will be under control.. Every Indian will have Money n Power..
> Then there will be no one to Save you..
> You are dirty stamp on Pure Islam.. Try to Understand & Respect it..
> Just Remember We are coming
> Bye ..
> Exit
> _
>
>
> Submit Your comment here ..
> <http://www.anvilbook.com/guestbook.php?mumbai>
> Use Proper language.
>
>
>
>
> Comment here http://www.anvilbook.com/guestbook.php?mumbai
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Regards,
webDEViL
http://twitter.com/w3bd3vil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110716/4abdab61/attachment-0001.html
------------------------------
Message: 4
Date: Fri, 15 Jul 2011 19:00:24 -0400
From: Valdis.Kletnieks@...edu
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
(Due to Mumbai Terror)
To: Silic0n <science_media017@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID: <67649.1310770824@...ing-police.cc.vt.edu>
Content-Type: text/plain; charset="us-ascii"
On Fri, 15 Jul 2011 09:39:59 PDT, Silic0n said:
> Corruption will be under control.. Every Indian will have Money n Power..
Just a tad wishful thinking in that rant, aren't we?
(Incidentally, if every Indian has money, it will require very careful fiscal
policy to avoid some really nasty hyperinflation...)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110715/6d3185d1/attachment-0001.bin
------------------------------
Message: 5
Date: Fri, 15 Jul 2011 19:18:24 -0400
From: Naresh Jha <rappercrazzy@...il.com>
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
(Due to Mumbai Terror)
To: Valdis.Kletnieks@...edu
Cc: Silic0n <science_media017@...oo.com>,
full-disclosure@...ts.grok.org.uk
Message-ID:
<CAMKnF7RjwT9-R_w=5YuS7MOzn9Gu6Oh22wf-YiaMV2ojT+MVrw@...l.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Science Media - Is that all you got? Is that all you have and can do to
respond back to PK? YAHA/ IHC ko yaad karo ??? Itna hi ban pada tum logon
se.... Itne saare log and bus itna hi ???
It is often said, when a person dies, its not a single death but death of
many more .... unke aansu ka kya yehi mol hai ?
On Fri, Jul 15, 2011 at 7:00 PM, <Valdis.Kletnieks@...edu> wrote:
> On Fri, 15 Jul 2011 09:39:59 PDT, Silic0n said:
> > Corruption will be under control.. Every Indian will have Money n Power..
>
> Just a tad wishful thinking in that rant, aren't we?
>
> (Incidentally, if every Indian has money, it will require very careful
> fiscal
> policy to avoid some really nasty hyperinflation...)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110715/c18c5305/attachment-0001.html
------------------------------
Message: 6
Date: Sat, 16 Jul 2011 05:49:27 +0000
From: w0lfd33m@...il.com
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team
(Dueto Mumbai Terror)
To: "webDEViL" <w3bd3vil@...il.com>,
full-disclosure-bounces@...ts.grok.org.uk, "Silic0n"
<science_media017@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID:
<274849754-1310795264-cardhu_decombobulator_blackberry.rim.net-1715578857-@....c11.bise7.blackberry>
Content-Type: text/plain
We might see a few more of these after the recent blasts in India. Cyberwar between both nations can be at peak for some time again!
Regards;
w0lf
www.maestro-sec.com
-- sent from BlackBerry --
-----Original Message-----
From: webDEViL <w3bd3vil@...il.com>
Sender: full-disclosure-bounces@...ts.grok.org.uk
Date: Sat, 16 Jul 2011 01:35:05
To: Silic0n<science_media017@...oo.com>
Cc: <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Full-disclosure] SOngs.pk Hacked ! By Indian Hacker Team (Due
to Mumbai Terror)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
------------------------------
Message: 7
Date: Sat, 16 Jul 2011 17:10:35 +0800
From: YGN Ethical Hacker Group <lists@...g.net>
Subject: [Full-disclosure] MyST BlogSite | Multiple Vulnerabilities
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Message-ID:
<CAPYM6Vwm9VUHd5=EWY9407G913dymq-G=qKUO2V-Od-h2KYi0A@...l.gmail.com>
Content-Type: text/plain; charset=UTF-8
===============================
MyST BlogSite | Multiple Vulnerabilities
===============================
1. VULNERABILITY DESCRIPTION
--> Issue Title: Arbitrary URL Redirect
Component: MyST BlogSite ClickDirector
Ref: OWASP - Top 10 - 2010 - A10
Ref-Link: https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
Proof-Of-Concept:
http://blogsite.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
http://blog.cenzic.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
[FIXED]
--> Issue Title: Information Leakage
Ref: WASC-13
Ref-Link: http://projects.webappsec.org/w/page/13246936/Information-Leakage
This could be used to brute force (http://blogsite.com/login)
Proof-Of-Concept:
http://blogsite.com/public/mostl/1
http://blogsite.com/public/mostl/2
http://blogsite.com/public/my-account/1
http://blogsite.com/public/my-account/2
http://blogsite.com/public/object/1
http://blogsite.com/public/object/2
http://blogsite.com/public/object/3
--> Issue Title: Arbitrary Text Insertion
This could be used to deliver defamatory message to unaware users.
Proof-of-Concept:
http://blogsite.com/public/mostl-action/1?action=Browse&text=This%20blog%20was%200wned!
2. VENDOR
MyST Technology Partners, Inc.
http://myst-technology.com/
4. DISCLOSURE TIME-LINE
2011-04-17: reported vendor
2011-07-16: vulnerability found unfixed
2011-07-16: vulnerability disclosed
5. REFERENCES
Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[MyST_BlogSite]_vulnerabilities_2011-07
#yehg [2011-07-16]
------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
End of Full-Disclosure Digest, Vol 77, Issue 18
***********************************************
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists