|Main Archive Page > Month Archives > full-disclosure-uk archives|
I like the idea they are all terrorist passing secret messages in fake exploits.
/me waits on the Tom Clancy movie
On 5/7/07, Ron Superior <firstname.lastname@example.org> wrote:
> Hi folks,
> Some months back I seem to remember people hypothesizing as to the
> real purpose behind some of these particularly lame fake PHP exploits.
> You know the ones I mean; they're mostly remote file includes, they
> often are decorated with some simple ASCII art, and the "thanks" and
> "greetz" sections are always loaded with names that suggest Turkish or
> other Middle Eastern origin.
> The two most interesting suggestions that I recall were:
> 1) Somebody wanted to pump up the lists with PHP exploits so they
> could claim later that some large number X of PHP vulnerabilities had
> been posted to FD since some date.
> 2) Covert communication, or that the "exploits" were really secret
> messages between t3rr0ri$ts or something.
> I'm sure there exists a motive beyond just spamming us to be
> annoying. Any one have any new ideas, or good arguments for either of
> the above two ideas?
> Guasconi Vincent wrote:
> > On 5/6/07, security curmudgeon <email@example.com> wrote:
> >> : VENDOR :http://nucleuscms.org/
> >> : BY : s3rv3r_hack3r (hackerz.ir admin)
> >> : bug:
> >> : nucleus3.22/nucleus/plugins/skinfiles/index.php =
> include($DIR_LIBS . 'PLUGINADMIN.php');
> >> : Exloit:
> >> :
> >> I haven't examined the source code to this, but on June 16, 2006,
> >> firstname.lastname@example.org disclosed RFI vulnerabilities  in four Nucleus
> >> scripts, all with the DIR_LIBS variable as the injection point. This
> >> subsequently proven to be a false report as the variable was previously
> >> set and could not be manipulated by an attacker.
> >> Have you actually tested this, or is this based on a quick grep of the
> >> source code?
> > They're like bots now.
> > They didn't hear you, and you can't stop them.
> > Try a spam rule.
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-- -- h0 h0 h0 -- www.nopsled.net
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/