[12-26 20:42] lyger: so me a SMALL favor

[12-26 20:43] jericho: you a small favor

[12-26 20:43] lyger: er, do me a SMALL FAVOR

[12-26 20:43] jericho: yes you is

[12-26 20:43] lyger: i know, caps lock, FUCK YOU

[12-26 20:43] jericho: who's the small favor, aww cutesy wutesy

[12-26 20:43] lyger: i hate you




Lyger (6/16/2009 5:33:53 PM): @falconsview falconsview is not gay. but his boyfriend is. that's the message i'm 
getting here. lyger is notably excited.

Lyger (6/16/2009 5:33:56 PM): your post?

jericho (6/16/2009 5:35:12 PM): yeah, several toward him with lyger gay jokes

jericho (6/16/2009 5:35:39 PM): YOU DONT READ TWITTER

Lyger (6/16/2009 5:37:28 PM): now changing account password... *whistle*

Lyger (6/16/2009 5:38:32 PM): i was going to buy you booze at con with my halliburton profits

Lyger (6/16/2009 5:38:40 PM): and now... this..

jericho (6/16/2009 5:42:51 PM): you want to get me drunk and show me firsthand your homosexuality?!

Lyger (6/16/2009 5:43:37 PM): no

Lyger (6/16/2009 5:43:48 PM): get you drunk and push you off hoover dam maybe



Lyger (9/5/2009 10:32:05 PM): Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information 
via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, 
or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php,  lib/lib.compose.php, 
(7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation 
path in an error message.

Lyger (9/5/2009 10:32:16 PM): multiple script

jericho (9/5/2009 10:32:26 PM): hrm

jericho (9/5/2009 10:32:36 PM): yeah generally split PD

Lyger (9/5/2009 10:32:45 PM): wait

Lyger (9/5/2009 10:33:06 PM): we said no split on multiple script direct request

jericho (9/5/2009 10:33:16 PM): if auth bypass

jericho (9/5/2009 10:33:24 PM): because that is generally 1 failed auth system

jericho (9/5/2009 10:33:27 PM): this is path disclose

Lyger (9/5/2009 10:33:58 PM): so 8 split on x direct request path disclosure

jericho (9/5/2009 10:34:37 PM): unless we know its an underlying issue (debug mode = on)

jericho (9/5/2009 10:34:45 PM): then we usually split them out

Lyger (9/5/2009 10:34:51 PM): so 8 split on x direct request path disclosure... YES?

jericho (9/5/2009 10:35:00 PM): for direct request auth bypass, we know its one poorly implemented auth system

jericho (9/5/2009 10:35:01 PM): YES

Lyger (9/5/2009 10:35:06 PM): god i hate you

jericho (9/5/2009 10:35:20 PM): you are so off my x-mas card list

Lyger (9/5/2009 10:35:35 PM): you never sent me one before, no fucking loss there



main page ATTRITION feedback