|
possible NATS exploit?
Can anyone confirm or deny this information?
http://www.gofuckyourself.com/showthread.php?t=630815 :helpme :helpme :helpme |
I guess that the script connects to a nats site and sponsors get it down for too many requests.
|
lol, you're so clueless.
|
I have n o idea.
|
Sounds more like a more serious problem at first sight
|
Quote:
nothing directly related to nats. |
What about the other programs that also do not seem to work ?
|
Anyway its getting popular so everybody will start finding bugs for it soon.
|
Quote:
|
Quote:
No, but happens with everything... phpbb... vbulletin... windows... |
Quote:
|
is this for real?
|
Quote:
|
some nats programs are ok
|
Quote:
There are Zend decoders now, though. |
Quote:
|
Quote:
|
Quote:
|
Quote:
|
Just a matter of time i think.. all adult-cms had/have bugs..:disgust
mpa,sitdepth and so on :( |
Quote:
|
There wasnt a public advisory as far as i know but i said it here allready http://www.gofuckyourself.com/showthread.php?t=629368
|
Thx for the info
|
This is not a NATS bug, its neither a NATS exploit.
People that do not understand errors should not throw around words like "exploit"... what other programs do not work right now? I only know of this one problem with panchodog. The error with panchodog is a mysql problem, not a NATS problem. Just because NATS is so nice and actually produces intelligent error displays for the client does not mean its a damn NATS problem or exploit! |
Quote:
|
Quote:
Quote:
|
Quote:
Lol.. ok, if ya say so... What would be intelligent? "Sorry, but there is a problem, please come back later."??? So the client has to sit there and figure out for hours what the issue actually is? The page tells you EXACTLY what the problem is, thats the whole point of an error. Just because YOU do not understand it does not mean its not a correct error. |
Quote:
haha listen, now you got me mad, you're a fucking idiot, I know better than you what that means You shouldn't disclose informations to the public moron A message like "A mysql error was found" would've been more intelligent than telling all the world where nats is installed so it can be abused when a bug is found. That shit is called "path disclosure" look it up genius. Also, You don't have to display errors on the site for YOUR customer to see it. Those can be logged separately. |
Your error just told me:
the panchodog server is running freebsd theres a table called accounts in nats nats is installed in /usr/home/natsinstall panchodog is running version 3.0.29 Quote:
DO YOU REALLY NEED TO GIVE THAT INFO TO THE PUBLIC YOU are so fucking intelligent and so are your errors |
I advice you to not fucking reply to this thread anymore!
|
Sorry I made you mad, lol...
oppinions, oppinions.. everyone and their mother has one... We create the errors in this way so the clients notice them, we know our clients... The location disclosure of NATS itself is also no problem because in now-a-days exploits the path can be retreived anyway, its not so hard ya know, people that use exploits will find it fast anyway (in case they even NEED it, which is not even the case)... There is a reason why not even apache has a problem with disclosing full paths to websites, nor does PHP on standard php errors... We tried many different error displays in the past, we also had it turned off totally for some time and only did logging, we had too many clients get problems because of it and this way simply fixes things faster (98% of the time)... The errors do not disclose information that could not be retreived in many other ways if you want to exploit someone... |
Quote:
|
Quote:
Dude, that's not exactly difficult to figure out, even without an error message. |
I see you ignored my advice.
Quote:
Quote:
I don't want to think how much shit can be fetched from your script. You are supposed to take security seriously and not this fuck it attitude. Just because it can happen in other ways doesn't mean your script has to allow it. |
Quote:
I'll give you one day to show me that data without using nats. if not you'll have to build 100 galleries for epictrash |
Quote:
|
I did not call our clients idiots, far from it.. all I said is that we know our clients well, and we know what they want and ask from us ;)
The errors are created like this for a reason, I told you that plenty of times, if you do not understand or agree, thats not my problem, its yours... The information disclosed in no way is a problem, it only helps us and the client, and thats what it is there for... BTW, I just looked at axscripts.com, a friendly advice... you might want to reconsider posting here... |
Quote:
And hey, if you know of bugs in NATS (guessing that is what you mean by "what pos your script is"), please do tell! I'd love to know them so we can fix them (in case we have not already in our latest version) |
Quote:
Because I have a working knowledge of php and sql. Considering what you do, I'm shocked as hell you're making such a big deal out of this. Every fucking script I know of displays at least SOME path info in error messages when there are DB issues. There are also 50 million ways to find that info out even without an error. Your motivations in this are more than a little suspect. You don't dictate ANYTHING to me, btw. |
random bump
|
| All times are GMT -7. The time now is 11:38 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123