Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

TEHTRI-Security released 13 0days against web tools used by evil attackers
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot () tehtri-security com>
Date: Fri, 18 Jun 2010 01:23:10 +0800


Gents,

As announced in recent emails here, we have just released 13 0days and
new offensive concepts against most of the tools currently used by web
attackers, like web shells, exploit packs, etc, during our new talk at
SyScan Singapore 2010 : http://www.syscan.org/Sg/speakers.html#012

We have given new methods to counter-strike intruders with our new
exploits giving you remote shells, remote SQL injection, permanent XSS
and dangerous XSRF, against remote tools used by attackers.

It's time to have strike-back capabilities for real, and to have
alternative and innovative solutions against those security issues.

We have shown how to know, identify, exploit, neutralize or destroy
attackers using those kind of tools.

For example, we gave (some of) our 0days against known tools like Sniper
Backdoor, Eleonore Exploit Pack, Liberty Exploit Pack, Lucky Exploit
Pack, Neon Exploit Pack, Yes Exploit Pack...

This was a way to explain that you can react when you are under attack.

We hope that this will open a new way to think about IT Security
worldwide, and that it might help people sometimes.

Do not hesitate to contact TEHTRI-Security if you need technical
assistance (pentests, incident handling, source code analysis, etc) with
experts who know how work cyber conflicts for real, which is totally
different from people who have clean certifications or who just
masterize security research in labs...

Here is the list of the 13 security advisories and 0days that we just
released today.

TEHTRI-SA-2010-023 - Vuln in NEON Exploit Pack. Permanent XSS+XSRF.
TEHTRI-SA-2010-022 - Vuln in NEON Exploit Pack. SQL Injection.
TEHTRI-SA-2010-021 - Vuln in YES Exploit Pack. Remote File Disclosure.
TEHTRI-SA-2010-020 - Vuln in YES Exploit Pack. Permanent XSS+XSRF admin.
TEHTRI-SA-2010-019 - Vuln in YES Exploit Pack. Remote SQL Injection.
TEHTRI-SA-2010-018 - Vuln in LuckySploit Expl Pack. Remote control.
TEHTRI-SA-2010-017 - Vuln in Liberty Exploit Pack. Permanent XSS+XSRF.
TEHTRI-SA-2010-016 - Vuln in Liberty Exploit Pack. SQL Injection.
TEHTRI-SA-2010-015 - Vuln in Eleonore Exploit Pack. Another SQL Inject.
TEHTRI-SA-2010-014 - Vuln in Eleonore Exploit Pack. XSRF in admin panel.
TEHTRI-SA-2010-013 - Vuln in Eleonore Exploit Pack. Permanent XSS.
TEHTRI-SA-2010-012 - Vuln in Eleonore Exploit Pack. Remote SQL Inject.
TEHTRI-SA-2010-011 - Vuln in Sniper_SA Web Backdoor. Remote File Disclos

More explanations available on our web site:
http://www.tehtri-security.com/en/news.php

Do not hesitate to contact us directly if needed.

Best regards,
Take care.

Laurent OUDOT - "TEHTRI-Security, This is not a game."
 CEO & Founder of TEHTRI-Security
 http://www.tehtri-security.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • TEHTRI-Security released 13 0days against web tools used by evil attackers Laurent OUDOT at TEHTRI-Security (Jun 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]