I found a 2 serious vulnerabilities!
Results 1 to 9 of 9

Thread: I found a 2 serious vulnerabilities!

  1. #1
    Member
    Join Date
    May 2002
    Posts
    40

    Exclamation I found a 2 serious vulnerabilities!

    Hey guys (and girls)!
    Yeah i can hardly belive I did that but I found 2 serious vulnerabilities in a popular message board.

    The first one allows D.O.S Against the forum, Other allows stealing user accounts.

    I dont wanna give too much details and I really need a week or two to study the issue, but I want to know - what is the best way to publish these vulnerabilities?

    What should I say to company who make this message board, how much time should I wait until I publish my information outside and which way is the best way to do that?

    p.s. I didnt see "general security" forum so i made the thread here.
    Share on Google+

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    225
    Why would you "publish the information outside" ? just send an anonymous email to the admin...
    \"Now it\'s time to erase the story of our bogus fate. Our history as it\'s portrayed is just a recipe for hate!\"
    -Bad Religion
    Share on Google+

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    http://www.wiretrip.net/rfp/policy.html

    This was a policy written by RainForestPuppy talking about full disclosure and the proper way to do it.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman
    Share on Google+

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    225
    i don't think he's saying he discovered some new general vulnerability. I think he's talking about a specific instance on a specific host. THAT should never be publicized, not at least until it is patched....
    \"Now it\'s time to erase the story of our bogus fate. Our history as it\'s portrayed is just a recipe for hate!\"
    -Bad Religion
    Share on Google+

  5. #5
    Member
    Join Date
    May 2002
    Posts
    40
    Well, it IS a new general vulnerability, its not just on a specific host. And why i want to publish what I found? because :
    a) i want people to fix it, instead of using a software that can be exploited.
    b) i want credit for what i found.

    And yeah, I will message the people who made this message board and tell them theres a problem with it before Ill publish what I found, I just wanted to know how exactly should I do that.
    Share on Google+

  6. #6
    Senior Member Unl3Ashed's Avatar
    Join Date
    Aug 2002
    Posts
    103
    STeRoiD, If you would like to recieve credit for what you've found, I think the only way is that you should find a big software compony and sell it to them and they can make a fix for it , but if you publish it by your own, then I don't think of any credit. This is just an oponion, may be wrong.

    Cheers
    "Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
    - Albert Einstein
    Share on Google+

  7. #7
    Banned
    Join Date
    Sep 2002
    Posts
    108
    My guess would be to send an email to the admin(s) or creators of the software, explain to them how it can be exploited, and if you can, offer a patch. That would be my best guess.
    Share on Google+

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    doktorf00bar, cool nickname.
    Mailing the webmaster is the best, I do it pretty often, check sites for holes and mail the webmaster about them+the solution, they appreciate it when you care about their site.
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com
    Share on Google+

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    el-half,

    You may want to look at the post dates before posting to the thread. In this case, they are from October of 2002. By definition, this is a dead thread.



    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •