> Hah. That's a weird script anyways. Who's crazy enough to punch in
> their password into some guy's "analyzer" knowing good and well it
> could be used against them or at least wind up in someone's private
> wordlist?
>
> On 12/7/05, cranium pain <[EMAIL PROTECTED]> wrote:
>>
>> ---------------------------------------
>> !!!0-Day Alert 0-Day Alert!!!
>> ---------------------------------------
>> Who Is Vulnerable: 0x90.org
>> Who Are They: Developers of Web Based security tools
>> Impact: Red Faces For l33t Haxxors
>> Time Line: Today
>> ---------------------------------------
>>
>> 0x90.org is a site run by a bunch of hacker wanna-bes that write stuff to
>> audit web sites and web applications, stuff like XSS / JavaScript
>> injection, HTML injection and SQL injection.
>>
>> They are also the proud developers of Absynth. No, not that favorite
>> alcoholic beverage that you use to intoxicate helpless females on a
>> Saturday night, dulling their senses so that you can more easily social
>> engineer them into believing that you are really a hot sex puppy and a mad
>> leet haxxor that speaks at all the cons while wearing your "I read your
>> mail" t-shirt, rather than the noob you are!
>>
>> Absynth is the web auditing tool which is commonly used by many CCISP
>> certified security professionals and professional penetration testers, 99%
>> of whom release top notch, serious remote 0day exploits to the community
>> daily.
>>
>> Well, these jokers obviously never ran their tools on their own web site,
>> and as such they have left themselves open to some injection flaws of their own:
>>
>> POC:
>> --------
>>
>> POST http://www.0x90.org/passwd/index.php?password=">Oh Noooeeessssss!!!
>>
>> doh..
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> --
> Robert Wesley McGrew
> http://cse.msstate.edu/~rwm8/

Or in the case of [EMAIL PROTECTED], who *may be* trying to retrieve some 0day local sploits from FD readers who got a local unpriv shell through this form. (The form is now closed, I know.)
