| Author |
Message |
izone
Involved
Joined: Sep 07, 2004
Posts: 354
Location: Sweden
|
 Posted:
Mon Sep 19, 2005 4:28 am |
|
Hi
I've got a new Exploit for Nuke 7,8 but I don't know:
- if it works even with last ver. of Sentinel and patch 3,1
- Who and where can I send it to look at it.
The person who send me this call himself a Hacker. He "just wanted to help me and other about this brand new Exploit" !!!
I don't wana send it here of security reason. Who shall I send it to?
Thanks! |
| |
|
|
|
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
| Posted:
Mon Sep 19, 2005 9:22 am |
|
|
|
|
|
izone
|
| Posted:
Mon Sep 19, 2005 9:36 am |
|
I don't know. I hope some of moderator or Raven could have look at it. |
| |
|
|
|
|
technocrat
|
| Posted:
Mon Sep 19, 2005 9:41 am |
|
I pay pretty close attention to hacker websites and watch what the script kiddies are up to. To my knowledge the only exploit out there is fixed by what I posted. Though Sentinel (if configured correctly) should stop any Union attacks. |
| |
|
|
|
|
izone
|
| Posted:
Mon Sep 19, 2005 10:02 am |
|
I'll send you link to this one u can see what it is. thanks. |
| |
|
|
|
|
technocrat
|
| Posted:
Mon Sep 19, 2005 10:07 am |
|
If you feel comfortable sending it to me, I would be happy to take a look it and see what the deal is. |
| |
|
|
|
|
izone
|
| Posted:
Mon Sep 19, 2005 10:12 am |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Mon Sep 19, 2005 10:39 am |
|
Please send it to me also. Thanks! |
| |
|
|
|
|
technocrat
|
| Posted:
Mon Sep 19, 2005 10:54 am |
|
Yeah that's the hack that should be fixed by the post I gave out. Also it should be picked up by Sentinel since its using a standard UNION exploit. |
| |
|
|
|
|
izone
|
| Posted:
Mon Sep 19, 2005 11:29 am |
|
Raven, I sent it to you too.
Please let us know if it is something to be worry about. |
| |
|
|
|
|
izone
|
| Posted:
Mon Sep 19, 2005 11:31 am |
|
Acctuelly I don't know the person who sent this to me. He maybee is just a script kiddie. But I had to take it up here to be sure. |
| |
|
|
|
|
Raven
|
| Posted:
Mon Sep 19, 2005 2:16 pm |
|
NukeSentinel should stop that w/o any problems at all  |
| |
|
|
|
|
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
| Posted:
Mon Sep 19, 2005 5:04 pm |
|
there are more ways to exploit a database and one of them is by using "no-break spaces" these spaces are not the binary code \x20 but are \xA0 and since most systems don't check on the \xA0 a security issue is born. |
| |
|
|
|
Quake
New Member
Joined: Feb 02, 2005
Posts: 12
|
| Posted:
Mon Sep 26, 2005 11:43 am |
|
| djmaze wrote: | | there are more ways to exploit a database and one of them is by using "no-break spaces" these spaces are not the binary code \x20 but are \xA0 and since most systems don't check on the \xA0 a security issue is born. |
Is there a way to check that? Is it a script issue or a real php issue. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
