Wednesday, June 21, 2006

dev Vs def

While surfing I found an article by Jörg Stöber, a developer of Content*Builder.
The title of his article is: Defacing?!!
He says that now he knows what defacing means.
I suppose he started to recognize that stuff after Kacper discovered multiple remote file include vulnerabilities in Content*Builder.
What happened later, you know if you just look at the view count on milw0rm.
Also, as Jörg says, there were many deface attempts on sites which use their software.
Up to that point I understood his message clearly, but then he starts to explain and teach about stuff which he has known for only some days... and says that "script kiddies" mostly use open source to find variables where remote file includes aren't properly sanitized.
On that point, Jörg, I don't like defacers either ... but most software auditors have nothing to do with defacers like "Hack3d by TurKish HacKerS t34m!!!"; the only thing is that most of the work of web application auditors/pentesters is used to attack websites running vulnerable software.
And for a "script kiddie" the easiest way to deface is to use a published PoC, where he must only change from to your host name.
And I like developers like you ... who are dumb enough to code insecurely and at the same time clever enough to teach/speak about security and give people a status of the kind that can be used for yourself.
If you were lame at coding, then why must you now speak that way? Try to look at your source better and don't speak like a coder god, because it still has more mistakes than my English.

Knowledge is power.


