Raven Core

This post is related to http://www.gofuckyourself.com/showthread.php?t=636295 and is dedicated to sixzero?s friends from:

Russia, China, Australia, New Zealand, Italy, USA, Germany, Amsterdam, Turkey, Korea, Europe, Asia, North America, South America, the Pacific and Africa

Lol. Now, if this guy wasn?t so cocky maybe I would?ve just keept my mouth shut. But since he has no clear intention of taking care of this heres how you can get 13k submitter email addresses from Comus.

If you read the gfy thread you will see that Comus has problems protecting some files which have no reason to be available to public, and according to sixzero they have no usefull information. Well, you guess, I tend to disagree.

EDITED BY VENDZILLA
You only need a line to get the emails from the file:

awk -F?:? ?print $2′ submitlog.txt|sort -u

Wait theres more, see: http://xxxonfire.com/comussites.html thats the list of all sites using Comus which you can easily fetch and download all submitlog.txt files. At the end of it you?ll have 13k unique webmaster emails.

If you ever wondered where all your emails are fetched from that could be one source.

If you are a webmaster running comus place an .htaccess file in the ct/includes directory with the line: deny from all, till sixzero fixes his shit, if ever.

Stay tuned for more tips and tricks


Tune into http://www.adultblackhat.com for more things from the dark side.

butterflybucks

Ooooooh I mean whoa!

__________________
100% Real Thai Girls - Tiniest Pornstar in the world Thainee.com & Dream Teen Tussinee.com Asian Teens, Asian EMO, Asian G/Fs THAI GIRLS WILD

Gillespie

This is gonna be good.

__________________
Blue Design Studios
My choice for web design.
Click this to see why.

Get a REAL host. Try JaguarPC.

294-659-259

Raven Core

I've got 13k emails handy

__________________
You suck at the interweb

GrouchyAdmin

Well, that log format is pretty retarded, as is storing the md5 hash.

I've seen worse, though. It's not like you're allowed to directly input the computed MD5, and trying to find a key that matches for a hash collission would still take forever.

Interesting post, regardless!

__________________

Gnus

Damn good thing I don't use it.

Gary

JD

well......fuck......

xxxice

Drama

Big_D

wow, craziness

Raven Core

it has no salt so you can reverse the md5 hashes
but you've just got 13k emails you can spam.

__________________
You suck at the interweb

jimthefiend

I'd hit that.



In fact I think I will right now. LOL































j/k

Vendzilla

Raven, Tony has been notified of the problem, He didn't give away those email address's, you did! Tony is working on a patch for that with the new release. It's not very professional to put up a thread with emails like that, you should have contacted Tony with that, or me!

__________________
Carbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants
think about that

Raven Core

I'm sure Trey its on it right now.

__________________
You suck at the interweb

Raven Core

Read the original thread. Tony was notified a shitload of time ago.
He just needs to drop an .htaccess there no rocket sience.
And you think I'm the only one that knows this shit ?
You ever wondered were all the spam is comming from ?

__________________
You suck at the interweb

wdsguy

Thanks For The Email List!!! Awesome!@

CaptainHowdy

Dammmmmmmmmmmmmmmmmmmmmmmm!!

__________________
Vacares - Web Hosting, Domains, O365, Security & More - Paxum and BTC Accepted

Windows VPS now available
Great for TSS, Nifty Stats, remote work, virtual assistants, etc.

Vendzilla

And because of the concern, he added that to the list of the new release he's working, don't be an ass and post webmasters email address's, you've been warned

__________________
Carbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants
think about that

Raven Core

Lets put his retarted reply here so people know how much he cares.

__________________
You suck at the interweb

xNetworx

The email list can be found by signing up for www.weconvert.com

jimthefiend

Raven Core

I dont post email addresses.
But the vulnerability is there for long time and Tony full of himself said its nothing.

__________________
You suck at the interweb

GrouchyAdmin

Ok, now that's bullshit. At least use time_t as a salt. Jesus.

__________________

Raven Core

Well, I'm no ass, not more than Tony.
Actually I've been quite nice because I offered the webmasters and Tony the quick solution, wasn't I ?
Just drop an .htaccess in there.

__________________
You suck at the interweb

Raven Core

exactly, he wasn't probably aware of Rainbow tables.

__________________
You suck at the interweb

Vendzilla

Your the ass that's posting this, not Tony, the problem has always been a priority, got to make you wonder what your doing clicking around looking for a vulnerability and then exploiting it on your website, then making sure everyone knows about it, what an ass!

__________________
Carbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants
think about that

Vendzilla

Because of what the file does, a simple htaccess file won't do it

__________________
Carbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants
think about that

boneless

Raven Core whats your personal problem with comus and or tony?

im sure if you would have mailed us i would have caught that email too as i do read the support emails...

So whats the problem, and whats your real nick? im sure the raven core is a nick you use to stir up shit...as it has 39 posts and is regged in sept 2006 :S

__________________
icq:148573096 skype:dabone2 email:boneless(a)mgpteam(.)com

Vendzilla

he registered today, first post he said he was going to start some shit

__________________
Carbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants
think about that

Raven Core

if thats what you think, sure.
I call it full disclosure.

__________________
You suck at the interweb

Raven Core

Well, first of all I want to make sure the problem is fixed.
Second Tony's answer to the original thread looked like he doesn't diserve to be announced.
Afterall he has all his friends from
Russia, China, Australia, New Zealand, Italy, USA, Germany, Amsterdam, Turkey, Korea, Europe, Asia, North America, South America, the Pacific and Africa

watching his back.

__________________
You suck at the interweb

boneless

you dont answer my questions really...

__________________
icq:148573096 skype:dabone2 email:boneless(a)mgpteam(.)com

Raven Core

well, too bad you don't get the point.
Now fix that thing.

__________________
You suck at the interweb

squishypimp

holy shit, is this forreal?

__________________

Gillespie

I understand Vendzilla's point of view. However, I do not agree that people who used and/or paid for the software shouldn't know this.

I have no experience with Comus, have very limited experience in the adult webmaster world, but have been around the Internet since 9600bps modems. Based on the little information I know, it is unlikely that the people using Comus would have gotten an email from the scripters saying that this information has been exposed.

The downside of exposing a hole like this is that you also let people who are going to use the information for bad purposes know about it too. If that's the price people have to pay for getting to know that they've been exposed, then so be it; but by no means should this issue have gone unoticed by the customers of Comus.

I do see a clear intention of Raven Core to give Comus a bad name, but he's not lying about the main issue: Comus has a hole. That's a fact. Furthermore, readers should not be distracted by the whole "Comus sucks"-themed posts and they should look and focus on the real problem. Call me Master of the Obvious, but that's the way I see it.

The fact that I got to see the links that were posted in the first post confirmed the seriousness of the issue. If I hadn't seen them, I'd be calling bullshit or at least have my doubts of how bad the problem is.

__________________
Blue Design Studios
My choice for web design.
Click this to see why.

Get a REAL host. Try JaguarPC.

294-659-259

munki

How far away is the fix?

Bad juju...

__________________

wdsguy

this always happens with full security disclosures, if the makers of the software were warned and hadn't done anything in a timely manner to fix the hole .... then I think you can't blame the guy for making this public.

Vendzilla

anyone that knows about Comus knows that it's always growing, I've been using it for several years and have seen loads of changes. Tony is always working on improvements. Many people in the industry know and respect Tony for his work and the support you get with comus, it has more customizing capibilities than any other TGP script. Then someone comes in, probably a fake nick, and bashes his company. Never contacted him, if he did, he would have known it was being worked on. But instead decided to post the list of those webmasters for the spammers.

__________________
Carbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants
think about that

Jace

this hole has been there for a LONG fucking time, and sixzeros has talked about fixing it for the same amount of time....um...hello? when is enough enough? just fix the damn hole already, LOL, stop talking abut how you know it is there, and DO something about it!

WiredGuy

Vendzilla, if you want to edit his post, you should maybe edit his site reference as the exploit is given there in full.
WG

__________________
I play with Google.

V_RocKs

NO, Tony did... I have seen this same shit over and over again. Someone tells him that something is fucking broken and he acts like it is no big deal. Hacking isn't being able to shoot a large canon at something and then come in through the enormous hole that was created. Hacking is finding the smallest problem and then exploiting it.

Splum

Sig spot secured.

Gillespie

I have no doubt that you're not lying, but was there an email to customers to let them know that the hole existed?

Furthermore, based on the posts here, this has been around for quite some time and the spectacularization that Raven Core did about the entire thing make me think few people know about it.

Again, I don't want to stir the waters more, I completely understand your point of view, but I do not agree that this should go unnoticed. I know that I if were a custmer, I'd like to know about it.

__________________
Blue Design Studios
My choice for web design.
Click this to see why.

Get a REAL host. Try JaguarPC.

294-659-259

Gillespie

I have no doubt that you're not lying, but was there an email to customers to let them know that the hole existed?

Furthermore, based on the posts here, this has been around for quite some time and the spectacularization that Raven Core did about the entire thing make me think few people know about it.

Again, I don't want to stir the waters more, I completely understand your point of view, but I do not agree that this should go unnoticed. I know that I if were a custmer, I'd like to know about it.

__________________
Blue Design Studios
My choice for web design.
Click this to see why.

Get a REAL host. Try JaguarPC.

294-659-259

pornpf69

this is really serious!!!

__________________

Cash X | OK Pay | Pukka Ropes | Pukka Fetish | STRAPED BLOG | Male Bound and Fucked

Gillespie

Sheez... Typo, "custmer" should read "customer". I'm not that illiterate.

__________________
Blue Design Studios
My choice for web design.
Click this to see why.

Get a REAL host. Try JaguarPC.

294-659-259

jmk

o u t c h

wjxxx

sig spot

tranza

Nice thread...

__________________
I'm just a newbie.

scottybuzz

1234567890876543212345790

__________________
$$$$$ MAKE HUGE MONEY IN CAMS - CLICK HERE $$$$$

TheSenator

That shit is old. I thought he should have fixed this years ago.

__________________
ISeekGirls.com since 2005