lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <212255192.20030529161050@mail.ru>
Date: Thu, 29 May 2003 16:10:50 -0700
From: D4rkGr3y <grey_1999@...l.ru>
To: bugtraq@...urity.nnov.ru, bugtraq@...urityfocus.com
Subject: Son hServer v0.2: directory traversal


-----BEGIN PGP SIGNED MESSAGE-----

################################################################
#                     _____   __   __  ___                     #
#             ........\    \.|  |.|  |/   \........            #
#             :       /     \|  | |  |   __>      :            #
#             :      /   _   \  |_|  |  / __      :            #
#             :     /    /    \      | <_/  \     :            #
#             :..../   _/     /  _   |   `   \....:            #
#                : \_________/__| |__|_______/ :               #
#                :   Damage   Hacking   Group  :               #
#                :      Security  Advisory     :               #
#                :.............................:               #
#                                                              #
#                     http://www.dhgroup.org                   #
#b                                                            d#
##b,________________________________________________________.d##
|                                                              |
  Product: Son hServer v0.2
  Authors: super-m.narod.ru
| Vulnerability: directory traversal                           |
#--------------------------------------------------------------#
| Overview:                                                    |
  ~~~~~~~~~

  Small russian http server 
|                                                              |
#--------------------------------------------------------------#
| Problem:                                                     |
  ~~~~~~~~

  This server doesn't filter the "|" (slash) symbol.
|                                                              |
#--------------------------------------------------------------#
| Exploit:                                                     |
  ~~~~~~~~

  Type in your browser: "http://[server]/.|./" and enjoy ;)
|                                                              |
#--------------------------------------------------------------#
| :wow:                                                        |
  www.dhgroup.org -=> opened English version! Come on in :)
   ~~~
   NeKr0 /DHG                                 www.dhgroup.org
|                                                              |
#______________________________________________________________#
 \___________________________da_end___________________________/
 

Best regards               www.dhgroup.org
  D4rkGr3y                    icq 540981

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQCVAwUBPtaTcm4LIpseSJmPAQGULAP8Cwy21KIFzkUd+OxQBkO8cReTtn2xLo/k
r/N6wSvMCXk3LKqrLAh+pdHXt76rqX9zI5z2nwrV8P05S4DYtlFSGPDMiCFEyQ/u
LZwRs6HiuF3A0DBph9AXAJEfNZfUsX9M619kLk1RTK22T0GqcsPG+fZCh8RBdCBp
/zIvGD+T5gc=
=it5C
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ