WtPHS Security Advisory 0x03

[<wtphs () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                      .--------------------------------.
                    -[ Winnie the Pooh Hacking Squadron ]-
                      '---| Security Advisory 0x03 |---'





                                   _.- -.- -._     ..
                              .;;"  .oe$$$eeu.. ,?;UU.
                           ,+'!!  e$$$$$$$R$$$$x ?xd$)
                         ,'  !~ u$$$$F,$$$by,?$"e $F"        _ -
               .,;,.   ,dm  :! $$$$$$d( )$( )?d$F       _ -       _
              !?????X!!!!~!!!X!."?????$$$F'.:::::::   -   .  - ~
              +$$$$$m@`!!   ~? `!kCCU$$$$ ::::::::: g~  ~ -  _
               "$BeCeW$:`~..__~x W$$$$$$$e `:::::'.$F           ~
                 "****"      ,``~~?$:=$$$$$$epppe$F`
                         , '   ,    ?W.""??$$FFF" *.
                       '     .     . ?$$e. ==+* ..$f
                    '     . '      H!.?$$$$$$$$$$$f
                       . '        !!!! ?$$$$$$$$$$
                              . ~!!!!!? ?$$$$$$$f.
                          . '     !!!!~*..****C.-!:..
                   . -  ~!!!:.    ?!!~.$$$$$$$$$$.!!!!:` .
              .- ~!::.    !!!!!.  ?X e$$$$$$$$$$$$.`!!!   .! - _
          . `~!?: ~!!!!!  !!!!!!!!! $$$$$$$$$$$$$$$  !!   !!     !?
         '      !!:!!!!!!!!!!!!!!!`:$$$$$$$$$$$$$$$U ~ :!!!!    !!~ `
      .:::::...  !!!!!!!!~~~~!!!!X $$$$$$$$$$$$$$$$$  !!!!!...:<~`
`



          Software: www.suvhate.org
           Version: up to 4.5.2004
     Vulnerability: Author
        Found date: March 2004
      Release date: today
       Researchers: Winnie The Pooh Hacking Squadron
        Lame plant: boring_wood

[0] LICENSE

    1) No whitehat whore can use this in his pseudo-security work
    2) divineint can't trade exploit attached to this advisory on
       #darknet@efnet nor other lame channel (for people who don't
       know it yet - his new nick is illumanti(z), is he hidding ?!)
    3) Every hacker can implement exploit for this vuln in his
       codes to protect them from script kiddies and whitehats.
    5) WtPHS doesn't contact vendors


[1] INTRO

     Well let us quote from the site since we could not better
     describe what it is about:

      "Welcome to SUVHate.org, a website committed exclusively
       to a thorough, protracted humiliation of unfettered stupidity
       [...]"

     In this sense we'll proceed.

[2] Details

     A CGI on svhate.org called "page.pl" allows us to control another
     buggy open call...


[3] Exploitation

    Our goal here was to get control over the EIP register. Once EIP
is under
     control we can run any desired command. So our attack buffer loocks
as
     follows:

                  buffer[|desired_command|];

     We however used again the builtin exploiting capabilities of konqueror.
     ....konqueror...get it?


[4] IMPACT

     id
     uid=529(suvhate) gid=530(suvhate) groups=530(suvhate)
     uname -a
     Linux jv.jv-hosting.net 2.4.24 #3 Fri Jan 30 21:27:29 EST 2004 i686
     unknown
     .
     .
     etc

     Someone could use the various exploits that fly around on on the
     machine..


[5] EDUCATIONAL VALUE

     Now who is humiliated?


[7] DISCLOSURE TIMELINE

     4/5/2004 Bug disclosed on www.suvhate.org [How I was humiliated
by WtPHS]
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkCYfS4ACgkQJLOqzu1mkg9mVACgtoQ8ziM56f3BeE2cn6aQD2+haNUA
oKhSDAmOa+mbUqgqTNQCkLYxhyoV
=CFAL
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html