Date: Fri, 21 Jun 2013 19:36:17 +0300
From: Julius Kivimäki <julius.kivimaki@...il.com>
To: MustLive <mustlive@...security.com.ua>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: DDoS attacks via other sites execution tool

So you made a perl script to make GET requests on a list of URLs? Brilliant.


2013/6/18 MustLive <mustlive@...security.com.ua>

> Hello participants of Mailing List.
>
> If you haven't read my article (written in 2010 and last week I wrote about
> it to WASC list) Advantages of attacks on sites with using other sites
> (http://lists.webappsec.org/**pipermail/websecurity_lists.**
> webappsec.org/2013-June/**008846.html<http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008846.html>
> ),
> feel free to do it. In this article I reminded you about using of the sites
> for attacks on other sites
> (http://lists.grok.org.uk/**pipermail/full-disclosure/**
> 2010-June/075384.html<http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html>
> ),
> DDoS attacks via other sites execution tool (DAVOSET)
> (http://lists.webappsec.org/**pipermail/websecurity_lists.**
> webappsec.org/2010-July/**006832.html<http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006832.html>
> ),
> sending spam via sites and creating spam-botnets
> (http://lists.webappsec.org/**pipermail/websecurity_lists.**
> webappsec.org/2010-July/**006863.html<http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006863.html>
> )
> and wrote about advantages of attacks on sites with using other sites.
>
> Last week I've published online my DDoS attacks via other sites execution
> tool (http://websecurity.com.ua/**davoset/<http://websecurity.com.ua/davoset/>).
> It's tool for conducting
> of DDoS attacks via Abuse of Functionality vulnerabilities on the sites,
> which I've made in 2010. Description and changelog on English are presented
> at my site. Where you can get my DAVOSET v.1.0.5 (made at 18.07.2010).
>
> This is the last version of my DAVOSET. After that I've stopped its
> development. But now I am planning to continue development of the software
> and to release new versions (I'll release v.1.0.6 today).
>
> For three years I was holding this tool privately, but now released it for
> free access. So everyone can test Abuse of Functionality vulnerabilities at
> multiple web sites - like Google's sites, W3C and many others, which were
> informed by me many times during many years (I was informing admins of web
> sites about such vulnerabilities since 2007), but ignored and don't want to
> fix these holes for a long time, and for example Google continued to create
> new services with Abuse of Functionality and Insufficient Anti-automation
> vulnerabilities, which can be used for such DoS and DDoS attacks.
>
> It must bring attention to the danger of these vulnerabilities (which I was
> trying to do in my articles in 2010). Because in most cases owners of web
> sites and web developers ignore and don't fix them. Which can be used for
> DoS attacks as on other sites, as on the sites with Abuse of Functionality
> vulnerabilities themselves, about which I wrote in my article Using of the
> sites for attacks on other sites.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ______________________________**_________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-**disclosure-charter.html<http://lists.grok.org.uk/full-disclosure-charter.html>
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists