OMG, WTF is this.
ANTI-SEC has successfully pwnd a useless website using lulzy sql
injection from milw0rm.com.
u assholes, get a name like SHITHOLE and post ur shit somewhere else
and stop polluting anti-sec and the anti-sec movement and
security mailing list FFS.
GO DIE SOMEWHERE ELSE.
You, sir, (Kema Druma), are an idiot.
Good day to you.
On Tue, Jul 21, 2009 at 4:15 PM, Kema Druma kemadr...@gmail.com wrote:
OMG, WTF is this.
ANTI-SEC has successfully pwnd a useless website using lulzy sql
injection from milw0rm.com.
u assholes, get a name like SHITHOLE and post ur shit
Yes, I am bcoz, I bothered to reply to it and wasted my time. Ignoring
would be best.
-kemadruma
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
===
'Celebrating 40 years of Apollo and 20 years of buffer overflows'
===
INFIGO IS Security Advisory #ADV-2009-07-09
http://www.infigo.hr/en/
One bug to rule them all
IE5,IE6,IE7,IE8,Netscape,Firefox,Safari,Opera,Konqueror,
Seamonkey,Wii,PS3,iPhone,iPod,Nokia,Siemens and more.
Nobody cares.. lame. Hack something loser.
On Mon, 20 Jul 2009 18:29:28 -0400 the.defa...@hushmail.com wrote:
Hi,
My name is DeadlyData. I enjoy long walks on the beach, getting
pizzas delivered to my house when my d0x were dropped, and having
anal sex with my buddy Sean/TD Debug. My 1337 hack
put up or shut up.
On Mon, Jul 20, 2009 at 1:02 PM, epixoipepix...@hush.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
the level of ignorance on this list is overwhelming at times.
the individual posting as [anti.sec.movem...@gmail.com] is not
affiliated with, nor is a
Dear Full-disclosure,
Exploitsweatshop invited you to DEFCON EXPLOIT CODES PARTY!. For all of the
details, check out the Invitation Page:
http://anyvite.com/events/home/f3cgdeapii/z0rm0mjixesvzv/hcox3eqotupzbstajbxe
Event Details:
* Title:
DEFCON EXPLOIT CODES
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ant-Sec Movement wrote:
Dear Reader,
The anti-sec movement has officially pwned http://cms.netrix.hu in order to
spread our message and our goals.
Sincerely,
-anti-sec
It is actually a demo site and its admin passwd is available for
everyone anyway...
2009/7/21 scott redhowlingwol...@nc.rr.com:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ant-Sec Movement wrote:
Dear Reader,
The anti-sec movement has officially pwned http://cms.netrix.hu in order to
I will be there supporting 5.99USD per hour exploit developments!!!
D
Exploitsweatshop wrote:
[Site Logo] http://anyvite.com/
You're Invited to DEFCON EXPLOIT CODES PARTY!
Dear Full-disclosure,
Exploitsweatshop invited you to *DEFCON EXPLOIT CODES PARTY!*.
View the
+ The bug was present in a 9 year old version of Netscape - draw your own
conclusions.
There are literally thousands of HTML- and JavaScript-related denial
of service vectors in modern browsers. If you want a silly, ad hoc
example I just made up on the spot (and so could any reader of the
B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u m1ght 4s
w3ll subscr1b3 t0 th3 anti-sex m0v3m3nt. J01n 0ur c4us3. Cur3 41ds!
L3t th0s3 b1g 3v1l c0nd0m m4nuf4ctur3rs f41l!
m4sturb4tion 0nly!
8===D~~~
4nd f0r y0u 4s14ns...
8=D~~~
On Tue, 21 Jul 2009 05:58:10 -, Exploitsweatshop said:
BRING REMOTE EXPLOIT CODE, GET FREE COCKTAIL!
Unless you can throw an exploit together in 30 seconds, the dollars per
hour value there sucks.
Hmm.. I *do* have this '0pen0wn.c' I can probably obfuscate a bit in 30 secs...
Did you do that by hand, or did you download some software off the net to do
it for you?
2009/7/21 antisex anti...@hushmail.com
B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u m1ght 4s
w3ll subscr1b3 t0 th3 anti-sex m0v3m3nt. J01n 0ur c4us3. Cur3 41ds!
L3t th0s3 b1g 3v1l c0nd0m
2009/7/21 Ed Carp e...@pobox.com
Did you do that by hand, or did you download some software off the net to
do it for you?
Judging by the content I would assume he does it by hand.
2009/7/21 antisex anti...@hushmail.com
B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u m1ght 4s
1 d1d 1t w1th th3 s4m3 h4nd 1 us3 t0 m4sturb4t3.
On Tue, 21 Jul 2009 12:18:32 -0400 Killian Faughnan
li...@killianfaughnan.com wrote:
2009/7/21 Ed Carp e...@pobox.com
Did you do that by hand, or did you download some software off
the net to
do it for you?
Judging by the content I would
Well, I certainly hope you washed your hands before you started typing! But
wait a minute ... if you're anti-sex or anti-suck or whatever, what are you
doing jacking off??
2009/7/21 antisex anti...@hushmail.com
1 d1d 1t w1th th3 s4m3 h4nd 1 us3 t0 m4sturb4t3.
On Tue, 21 Jul 2009 12:18:32
7h15 15 7h3 c0n57ruc7. 17'5 0ur |04d1ng pr0gr4m. W3 c4n |04d
4ny7h1ng w3 n33d.1f y0u'r3 74|k1ng 4b0u7 wh47 y0u c4n f33|, wh47
y0u c4n 5m3||, wh47 y0u c4n 74573 4nd 533, 7h3n r34| 15 51mp|y
3|3c7r1c4| 51gn4|5 1n73rpr373d by y0ur br41n. 7h15 15 7h3 w0r|d
7h47 y0u kn0w.
w3|c0m3 70 UN1X w0r|d!
Hi Michal,
Yes, we all know that. The flaw here was not looping on itself a
thousands of times, wow. It was a DOM implementation flaw. That's
what made it interesting. A border case that was not accounted for.
That's all, still interesting. I don't see how Javascripts endless
loops
Yes, we all know that. The flaw here was not looping on itself a
thousands of times, wow. It was a DOM implementation flaw.
The code created an oversized list, which does not seem to be that far
from creating an overly nested DOM tree, or drawing an oversized
CANVAS shape, or any
Honestly kids...
On Tue, Jul 21, 2009 at 1:23 PM, mod-ra...@hushmail.com wrote:
7h15 15 7h3 c0n57ruc7. 17'5 0ur |04d1ng pr0gr4m. W3 c4n |04d
4ny7h1ng w3 n33d.1f y0u'r3 74|k1ng 4b0u7 wh47 y0u c4n f33|, wh47
y0u c4n 5m3||, wh47 y0u c4n 74573 4nd 533, 7h3n r34| 15 51mp|y
3|3c7r1c4| 51gn4|5
On Tue, 21 Jul 2009 11:21:54 EDT, anti...@hushmail.com said:
m4sturb4tion 0nly!
You'll discover it becomes a lot more fun once you reach puberty, any year now..
pgpw12vMH1fug.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Hi Steven,
SMC we will quickly run
SMC into lots of complexity that may well enter the realm of undecidable
SMC problems,
Yeah, security is too complex. Dude, the fix was to LIMIT the
the number of elements. This is not rocket science.
--
http://blog.zoller.lu
Thierry Zoller
ZDI-09-046: Novell Privileged User Manager Remote DLL Injection
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-046
July 21, 2009
-- Affected Vendors:
Novell
-- Affected Products:
Novell Privileged User Manager
-- Vulnerability Details:
This vulnerability allows remote
On Tue, 21 Jul 2009, Thierry Zoller wrote:
Yeah, security is too complex. Dude, the fix was to LIMIT the the
number of elements. This is not rocket science.
I believe Michal and I are having the conversation in a larger context.
What you found is valid on its own merit and got addressed,
Hi Michal,
MZ which does not seem to be that far
MZ from creating an overly nested DOM tree, or drawing an oversized
Interesting tidbit:
The W3C DOM specifies the select.length attribute to be *read only*.
Yet (all) browsers have implemented it allowing to write to it. I
am not sure what
One bug to rule them all
I know your get your jollies off finding AV bypasses which is great
and all, but I doubt many people call crashing a browser ruling them
all. Maybe re-release with slightly inconveniencing them all.
2009/7/22 Thierry Zoller thie...@zoller.lu:
Hi Michal,
MZ which does
Hi Michal,
Interesting,
http://www.w3.org/TR/REC-DOM-Level-1/level-one-html.html
--
readonly attribute long length;
--
MZ Does not seem to be the case in HTML5 at least?
Hi Michal,
MZ That was DOM Level 1 (1999). Even level 2 (2000) has this as read-write:
MZ http://www.w3.org/TR/DOM-Level-2-HTML/html.html#ID-94282980
Ah, now that makes sense. So my theory goes right down the drain =X
MZ Also keep in mind that with relatively few exceptions, W3C simply
MZ
http://www.w3.org/TR/REC-DOM-Level-1/level-one-html.html
--
readonly attribute long length;
--
That was DOM Level 1 (1999). Even level 2 (2000) has this as read-write:
The W3C DOM specifies the select.length attribute to be *read only*.
Does not seem to be the case in HTML5 at least?
http://dev.w3.org/html5/spec/Overview.html#the-select-element
In fact, it has the behavior for writes defined:
On setting, it must act like the attribute of the same name on
We, the worldwide anti-sec movement have landed yet another coup that
will strike full-disclosurizers into the very hearts and soul of their
being.
Fellow anti-sec'ers and freedom-lovers: Rejoice, for it is time to take
revenge against the full disclosure zionist hegemony in retaliation for
the
Do not fuck with anti-suck. LOL!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Awww, seriously? Can you leave governmentsecurity alone? I don't
want you fucking with my backdoorz. It's not my fault they run
litespeed.
On Tue, 21 Jul 2009 21:27:38 -0400 anti sec anti-
sec4l...@email.com wrote:
We, the worldwide anti-sec movement have landed yet another coup
that
will
I'm sorry, log time reader of FD, it's a great mashup of hilarity and vuln
disclosure. But this takes the cake. I can't sit silent for this one:
Are you OUTSIDE your mind? 4chan? and not even 4chan.org, an archive site.
This is the very core of the White Hat being? If this is truly a 'agent
of
On 21 Jul 2009, at 08:12, Michal Zalewski wrote:
There are literally thousands of HTML- and JavaScript-related denial
of service vectors in modern browsers...
There's one significant difference in this one, though: while a bunch
of nested divs (for instance) will just mess with the HTML
37 matches
Mail list logo
