| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: novappc at novappc.com (Lorenzo Hernandez Garcia-Hierro) Subject: Ok KF, i tell you about the buffer overflow in Sphera Hi KF, all the information about the buffer overflow is in the report but i can tell you, when you request the subbmitted.php file , the sphera hd ( hosting director) cp ( control panel ) make the proper actions only checking the vds_[vds user/number]|| variable and the boolean value like true or false, if you send a large request in the GET mode , the script makes a pick up in the server and the server becomes unstable , ok ? and if you only modify the user variable , you can acces another users accounts!. regards, ------------------------------------------------------ Lorenzo Hernandez Garcia-Hierro --- Computer Security Analyzer --- --Nova Projects Professional Coding-- PGP: Keyfingerprint B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2 ID: 0x9C38E1D7 ********************************** www.novappc.com security.novappc.com www.lorenzohgh.com ______________________
Powered by blists - more mailing lists