| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: elvi52001 at yahoo.com (Elv1S) Subject: Re: (Fixed under Pressure?) LYCOS WorldWide Members' Accounts Source Pages Disclosure obliged to make the pressure on LYCOS and disclosure this f**k** vuln, so they finally fix ? not sure --> directory listening still works for the /Member_Name/ kessler@....de wrote: Worked a few minutes ago, fixed now. Produces 404 only now. Elv1S <elvi52001@...oo.com> wrote: Title : LYCOS WorldWide Members' Accounts Source Pages Disclosure & Directory Listening Date : 04/06/2003 Found : By ElviS (The King) Greetz to : www.k-otik.com <- ur so sexy - CaSsD?Di ;-) This vulnerability was PRIVATE and now Public, Very simple to exploit this vuln : membres.lycos.fr/Member_Name/Directory/%3f/%3f/ (Directory Listening) membres.lycos.fr/Member_Name/Directory/file.php%3f/%3f.jsp (Source Disclosure) Vulnerable : Lycos FRANCE - United Kingdom - Spain - Italy - Nederland - Germany ... membres.lycos.fr members.lycos.co.uk usuarios.lycos.es utenti.lycos.it members.lycos.nl mitglied.lycos.de [...] Are we Secure ? --------------------------------- Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software --------------------------------- Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en fran?ais ! Testez le nouveau Yahoo! Mail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030909/f1c6f8ba/attachment.html
Powered by blists - more mailing lists