[Full-disclosure] CertificationMagazine - Blind SQL Injection Vulnerability
support at vs-db.info
Sat Dec 24 21:25:39 GMT 2011
You are funny KIDS Vulnerability-Lab
Let's clear something
1. You had posted first 1 year old BUG - leeched from MY VULNERABLE Sites DATABASE
2. i have sent you info / full disclosure that it was very OLD BUG - reported YEAR ago. (this wasn’t an attack!)
3. You have posted second 1.5 Year old BUG
4. i have sent you info / full disclosure that it was OLD BUG reported may 2010 (this wasn’t attack)
5. ATTACK FROM Vulnerability-LAB - 100% lies and fabricated stories in order to discredit me and my friends from Ariko-Security.
You don’t understand simple english – I am not ariko-security member – here is this sentence in German:
Ich bin nicht in einer Gruppe Ariko-Security
You smoke too much:
" then records of the databases that u dumped... because of the fact that you guys hack illegal into web-servers and dump the databases and do not notify the vendor." YEAH LOL
"Some weeks ago another AS member asked us ... why we do not work with you guys (vs-db.info & AS)? He also asked us multiple times for selling the dumps of hacked databases!?" nice children's imagination
"Also if you view in context what we do vs what you do there is no way we want to work with you." LOL AGAIN ,
ID: 26 845 6056 2 - IHK - 34125 Kassel (Germany) - Evolution Security - fake company - NOT REGISTERED IN GERMANY , NO VAT ID
DevSec - nice empty web page – also fake company – no VAT ID in netherlands
Welkom op devsec.nl
Please DO NOT SPAM MORE FD, if You want something from ME simply mail me.
Tomy / Vulnerable Sites Database
Wiadomość napisana przez research at vulnerability-lab.com w dniu 23 gru 2011, o godz. 17:57:
> Hi Tomy,
> After you wrote us now the second e-mail we want to make something very clear to u and everyone @ vs-db.info & ariko-security
> 1. Your website is serves no point other then records of the databases that u dumped... because of the fact that you guys hack illegal into web-servers and dump the databases and do not notify the vendor.
> You guys tell the researchers around you that you do some security stuff ... i think you guys are just fucking criminals. Thats why nobody respects the work you do anywhere.
> 2. Some weeks ago another ariko-security member asked us ... why we do not work with you guys (vs-db.info & ariko-security)? He also asked us multiple times for selling the dumps of hacked databases!?
> To answer that once more we are not interested in selling stolen information as said many times before.
> Why ?! Mainly due the fact that this is a criminal offence.
> And so a no go in our vision for the future of vulnerability-lab.com
> 3. Also if you view in context what we do vs what you do there is no way we want to work with you.
> - Inform vendors
> - Verify vulnerabilities/bugs to ensure validity
> - Disclosure after contact with vendor or after multiple tries to contact the vendor
> - Discolsure policy
> - Try to protect vendors and customers of those vendors
> - Dont inform vendor
> - No Discolsure policy
> - No verfication other then a picture
> - Selling of illegally dumped databases/information to make money
> 4. If so that you say that you are all that good an you are so awsome in what you do why is a 1.5 year old bug (if this infact true) still unpatched when we found it!?
> Sounds to me that u dumped the database then probably sold it off and then forgot all about it. Instead of contacting the vendor/webmaster etc.
> So clearly you have no idea of what working in security is about. Your are only trying to rape the benefits of a trick that you know.
> I hope that you see this as a wake up call and warning as next time we might not be as friendly.
> Best Regards,
> The Vulnerability-lab Team.
> Am 23.12.2011 11:32, schrieb Tomy:
>> MAY 2010 - Nice that you can find 1.5 YEARS old hole LOL!
>> Wiadomość napisana przez research at vulnerability-lab.com w dniu 20 gru 2011, o godz. 17:08:
>> support at vs-db.info
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: admin at vulnerability-lab.com or support at vulnerability-lab.com
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
support at vs-db.info
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.