--------------------------------------------------------------------------------
Product: SaS (Security Application Server)
Vendor: NSRG (No Secure Root Group Security Research)
Lorenzo Hernandez Garcia-Hierro
<lorenzohgh@nsrg-security.com>
Impact: Intellectual property disclosure
Bulletin-ID: PT.2003.0001
--------------------------------------------------------------------------------
Product Description (From Vendor Website): We are happy to announce that sas website is now ( again ) online in this server by accessing sas.nsrg-security.com , migrate your links to this server. The portal version is the latest of phpWebSite. We trust in phpWebSite , a very secure solution in this last version ( old versions are affected by SQL Injections , XSS attacks and PD attacks , discovered by Lorenzo H G-H/trulux ).
Method of Disclosure:
If you have the GET script installed:
GET http://www.nsrg-security.com | lorenzo_decode.pl > outfile.html
If you have wget:
wget http://www.nsrg-security.com -O enc.html
lorenzo_decode.pl < enc.html > outfile.html Background:
After the veritable cornucopia of website exploits posted today on
full-disclosure it inspired me to audit a few websites myself. I started
with the author of all the IMHO frivolous postings and found that he
"encrypted" his website with something called SaS that his group wrote.
I figured man this Lorenzo guy has lots of free time to pick apart
everybody's websites, his must be top notch. "Exploit" code is attached
and also available at:
http://jackhammer.org/exploits/lorenzo_decode.pl
Cheers, Paul Tinsley
Attachment:
lorenzo_decode.pl
Description: Perl program