by r0t, der4444, cembo, VietMafia

Saturday, September 10, 2005

Public Sploits Suck

I learned a valuable lesson a couple of weeks ago. Posting vulnerabilities for software publicly is a big mistake. Example: aMember Pro.
I read the source for this and found some nice registered_globals=on exploits. I then hacked the main aMember server and got a backup of their database. Looked through it, and didn't see anything important. So I post for the newAngels team. It sits in the newAngel board for about a month. No one seems to care about it. I didn't think it was that great of an exploit either because the customer database was small and had no big names.

So I decide to post publicly. The public post you can read below. Then the day after it shows up on securityfocus.com I start getting flamed. The vulnerability I just posted was on several billing companies and even a few banks! Personally, I have only been in a couple smaller billing companies. So not only did I ruin my chances at being able to access these systems, but I allowed a ton of script kiddies into these systems! I did all the work, and the script kiddies got all the benefit.

Then a group called the Zealots brings me to my next point. They began to flame me for releasing THEIR exploit publicly! HOW THE FUCK CAN YOU OWN AN EXPLOIT!! I discovered it the same way they did, by reading source code. Sure the Zealots may be elite or whatever, but fuck them and their ignorance. You can't own an exploit.

What will I do with my exploits in the future? I do not know.

1 Comments:

Blogger r0t told...

Yes, nobody owns.
And about case, unusual and usual... hm, as you know, in scene are one guys and another ones... somebody will see nothing, another one will see everything and sometimes more :)

5:19 PM

Copyright (c) 2006 Pridels Sec Crew