mailing list archives
TEHTRI-Security released 13 0days against web tools used by evil attackers
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot () tehtri-security com>
Date: Fri, 18 Jun 2010 01:23:10 +0800
As announced in recent emails here, we have just released 13 0days and
new offensive concepts against most of the tools currently used by web
attackers, like web shells, exploit packs, etc, during our new talk at
SyScan Singapore 2010 : http://www.syscan.org/Sg/speakers.html#012
We have given new methods to counter-strike intruders with our new
exploits giving you remote shells, remote SQL injection, permanent XSS
and dangerous XSRF, against remote tools used by attackers.
It's time to have strike-back capabilities for real, and to have
alternative and innovative solutions against those security issues.
We have shown how to know, identify, exploit, neutralize or destroy
attackers using those kind of tools.
For example, we gave (some of) our 0days against known tools like Sniper
Backdoor, Eleonore Exploit Pack, Liberty Exploit Pack, Lucky Exploit
Pack, Neon Exploit Pack, Yes Exploit Pack...
This was a way to explain that you can react when you are under attack.
We hope that this will open a new way to think about IT Security
worldwide, and that it might help people sometimes.
Do not hesitate to contact TEHTRI-Security if you need technical
assistance (pentests, incident handling, source code analysis, etc) with
experts who know how work cyber conflicts for real, which is totally
different from people who have clean certifications or who just
masterize security research in labs...
Here is the list of the 13 security advisories and 0days that we just
TEHTRI-SA-2010-023 - Vuln in NEON Exploit Pack. Permanent XSS+XSRF.
TEHTRI-SA-2010-022 - Vuln in NEON Exploit Pack. SQL Injection.
TEHTRI-SA-2010-021 - Vuln in YES Exploit Pack. Remote File Disclosure.
TEHTRI-SA-2010-020 - Vuln in YES Exploit Pack. Permanent XSS+XSRF admin.
TEHTRI-SA-2010-019 - Vuln in YES Exploit Pack. Remote SQL Injection.
TEHTRI-SA-2010-018 - Vuln in LuckySploit Expl Pack. Remote control.
TEHTRI-SA-2010-017 - Vuln in Liberty Exploit Pack. Permanent XSS+XSRF.
TEHTRI-SA-2010-016 - Vuln in Liberty Exploit Pack. SQL Injection.
TEHTRI-SA-2010-015 - Vuln in Eleonore Exploit Pack. Another SQL Inject.
TEHTRI-SA-2010-014 - Vuln in Eleonore Exploit Pack. XSRF in admin panel.
TEHTRI-SA-2010-013 - Vuln in Eleonore Exploit Pack. Permanent XSS.
TEHTRI-SA-2010-012 - Vuln in Eleonore Exploit Pack. Remote SQL Inject.
TEHTRI-SA-2010-011 - Vuln in Sniper_SA Web Backdoor. Remote File Disclos
More explanations available on our web site:
Do not hesitate to contact us directly if needed.
Laurent OUDOT - "TEHTRI-Security, This is not a game."
CEO & Founder of TEHTRI-Security
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- TEHTRI-Security released 13 0days against web tools used by evil attackers Laurent OUDOT at TEHTRI-Security (Jun 17)