[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] WtPHS Security Advisory 0x03
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] WtPHS Security Advisory 0x03
- From: <wtphs@xxxxxxxxxxxx>
- Date: Tue, 4 May 2004 23:43:56 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
.--------------------------------.
-[ Winnie the Pooh Hacking Squadron ]-
'---| Security Advisory 0x03 |---'
_.- -.- -._ ..
.;;" .oe$$$eeu.. ,?;UU.
,+'!! e$$$$$$$R$$$$x ?xd$)
,' !~ u$$$$F,$$$by,?$"e $F" _ -
.,;,. ,dm :! $$$$$$d( )$( )?d$F _ - _
!?????X!!!!~!!!X!."?????$$$F'.::::::: - . - ~
+$$$$$m@`!! ~? `!kCCU$$$$ ::::::::: g~ ~ - _
"$BeCeW$:`~..__~x W$$$$$$$e `:::::'.$F ~
"****" ,``~~?$:=$$$$$$epppe$F`
, ' , ?W.""??$$FFF" *.
' . . ?$$e. ==+* ..$f
' . ' H!.?$$$$$$$$$$$f
. ' !!!! ?$$$$$$$$$$
. ~!!!!!? ?$$$$$$$f.
. ' !!!!~*..****C.-!:..
. - ~!!!:. ?!!~.$$$$$$$$$$.!!!!:` .
.- ~!::. !!!!!. ?X e$$$$$$$$$$$$.`!!! .! - _
. `~!?: ~!!!!! !!!!!!!!! $$$$$$$$$$$$$$$ !! !! !?
' !!:!!!!!!!!!!!!!!!`:$$$$$$$$$$$$$$$U ~ :!!!! !!~ `
.:::::... !!!!!!!!~~~~!!!!X $$$$$$$$$$$$$$$$$ !!!!!...:<~`
`
Software: www.suvhate.org
Version: up to 4.5.2004
Vulnerability: Author
Found date: March 2004
Release date: today
Researchers: Winnie The Pooh Hacking Squadron
Lame plant: boring_wood
[0] LICENSE
1) No whitehat whore can use this in his pseudo-security work
2) divineint can't trade exploit attached to this advisory on
#darknet@efnet nor other lame channel (for people who don't
know it yet - his new nick is illumanti(z), is he hidding ?!)
3) Every hacker can implement exploit for this vuln in his
codes to protect them from script kiddies and whitehats.
5) WtPHS doesn't contact vendors
[1] INTRO
Well let us quote from the site since we could not better
describe what it is about:
"Welcome to SUVHate.org, a website committed exclusively
to a thorough, protracted humiliation of unfettered stupidity
[...]"
In this sense we'll proceed.
[2] Details
A CGI on svhate.org called "page.pl" allows us to control another
buggy open call...
[3] Exploitation
Our goal here was to get control over the EIP register. Once EIP
is under
control we can run any desired command. So our attack buffer loocks
as
follows:
buffer[|desired_command|];
We however used again the builtin exploiting capabilities of konqueror.
....konqueror...get it?
[4] IMPACT
id
uid=529(suvhate) gid=530(suvhate) groups=530(suvhate)
uname -a
Linux jv.jv-hosting.net 2.4.24 #3 Fri Jan 30 21:27:29 EST 2004 i686
unknown
.
.
etc
Someone could use the various exploits that fly around on on the
machine..
[5] EDUCATIONAL VALUE
Now who is humiliated?
[7] DISCLOSURE TIMELINE
4/5/2004 Bug disclosed on www.suvhate.org [How I was humiliated
by WtPHS]
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkCYfS4ACgkQJLOqzu1mkg9mVACgtoQ8ziM56f3BeE2cn6aQD2+haNUA
oKhSDAmOa+mbUqgqTNQCkLYxhyoV
=CFAL
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html