So due to weak implemetation of license it has a bug. I'm creating a torrent for this scanner as we speak, and I will put it on thepritebay, so more honest people like me can download it for free.
On Thu, Dec 2, 2010 at 9:50 PM, Jens Christian Hillerup <[email protected]>wrote: > Dropping a 0day for y'all. > > So I found a vulnerability in the license management code in this software. > It's off the top of my head, and is presented in an untested state. It > seems, however, that if you continue using the software *after* the free > 30-day trial it will actually continue working! This is due to a very week > license management implementation, relying on the user agreeing to remove > the software after having used it for a total of thirty days. > > This flaw affects all known builds of the source code posted, and stands > currently with no workaround or hotfix. The vendor has yet to be contacted, > but is expected to push a patch for this vuln any day now. > > -jc > > > On Thu, Dec 2, 2010 at 9:30 PM, netinfinity < > [email protected]> wrote: > >> How much is the commercial version? >> >> I'd like to buy it for my hosting company. >> >> >> On Thu, Dec 2, 2010 at 7:18 PM, <[email protected]> wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Esteemed members of the Full Disclosure mailing list, >>> >>> In the wake of the recent compromise of the ProFTPd distribution >>> server and the subsequent root-level backdoor that was placed into >>> the source[0], we are proud to announce a cutting edge source code >>> scanner that will help you detect backdoors in your code. This code >>> is free to use for 30 days, after which time you must pay for it. >>> >>> >>> - ------------- el8 Vuln Scan v.0.1 ------------- >>> >>> #!/bin/bash >>> >>> ################################################################### >>> # >>> # Place this script inside the top level directory of your >>> # source code repo. >>> # >>> # Please delete this after 30 days, or purchase a copy from our >>> # online store. >>> # >>> # 50% of all proceeds will go to the victims that have been >>> # owned by ACIDBITCHES within the past 6 years. >>> # >>> ################################################################### >>> >>> # main >>> >>> export PATH=/bin >>> >>> grep -r ACIDBITCHES * >>> >>> - ------------- el8 Vuln Scan v.0.1 ------------- >>> >>> >>> Thank you for helping us to help you make the Internet a safer >>> place. >>> >>> >>> [0] >>> http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging- >>> sigs/7965<http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-%0Asigs/7965> >>> -----BEGIN PGP SIGNATURE----- >>> Charset: UTF8 >>> Version: Hush 3.0 >>> Note: This signature can be verified at https://www.hushtools.com/verify >>> >>> wpwEAQMCAAYFAkz34wkACgkQnCf21LwRaXbdlwP/bRK2S7SA77h05jF1cdBty4hefooL >>> Zx0GOeABoqTZKnaNuKxGqwdPtg7fyNctrb7iMzehzJWBXnAD1Zik2UCujZINxeE8BFhw >>> yTN9gshJZB1cdWSHwxQdiB+NqS9eRqg3s0J8i/9EjzNVkgX4EJTJZMXv9oEUDCgwW92h >>> 7KFZMWU= >>> =mJJI >>> -----END PGP SIGNATURE----- >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >> >> >> -- >> www.google.com >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > -- www.google.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
