[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] i've found an exploit, but i want to make it do something before i report it
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] i've found an exploit, but i want to make it do something before i report it
- From: evilrabbi <evilrabbi@xxxxxxxxx>
- Date: Sat, 8 Jul 2006 21:32:53 -0500
Here are some pretty generic things.. Bind shell, connect back shell. have
it download a file an execute it. Those are just a few ideas...
On 7/7/06, ima cow <i-am-cow@xxxxxxxxxx> wrote:
i understand that this is "full disclosure", but before i actually spill
the beans on the exact nature of the exploit i've found, i'd like to make it
actually do something.
for now, know that it affects a popular plugin for a popular messaging
program.
i'm at the stage where i can run any command on the remote user's computer
(just like start > run...), or have them request remote assistance.
other than showing them goatse, what can i do with this?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
-- h0 h0 h0 --
www.nopsled.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/