Message-ID: <3EDE8C01.3000306@o0.dyndns.org>
Date: Wed, 04 Jun 2003 21:17:05 -0300
From: Martin <broadcast@...dyndns.org>
To: "Mr. Bugtraq" <bugtraq@...urityfocus.com>
Subject: Monkey Http Daemon


After reading the PHP XSS "exploit" (I don't know if it qualifies as one) 
in phpinfo(), I found out that on the default page of the Monkey Http 
Daemon, there is a Test of Supports section. Two links are included:
http://whateverhost/php/index.php
and
http://whateverhost/cgi-bin/test.pl

index.php just contains 'echo phpinfo(); '

Also, test.pl doesn't check for valid input on the forms, so you can 
include HTML code, etc. Pretty useless, I know, but I've been reading 
posts about this kind of stuff, so I thought I would throw in this. 
Found this on version 0.7.1, the latest one I found on 
freshmeat.net. I haven't contacted the author since I don't know if this 
is really a big deal or not.

Well, sorry for bothering, and I hope I don't get flamed or anything.
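
An added example, not part of the original post: a defender-side audit that walks a local web root and reports the two sample pages the post names, plus any PHP file that calls phpinfo(). The function names and the constructed directory contents are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Sample content named in the post, relative to the web root.
SAMPLE_PATHS = ("php/index.php", "cgi-bin/test.pl")
# Matches a phpinfo() call in PHP source. Comments are not stripped, so a
# commented-out call is also reported for manual review.
PHPINFO_CALL = re.compile(rb"\bphpinfo\s*\(", re.IGNORECASE)


def audit_docroot(docroot):
    """Return sorted (relative_path, reason) findings for one web root."""
    root = Path(docroot)
    findings = set()
    for rel in SAMPLE_PATHS:
        if (root / rel).is_file():
            findings.add((rel, "sample page from the default install"))
    for path in root.rglob("*.php"):
        if not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        if PHPINFO_CALL.search(data):
            findings.add((path.relative_to(root).as_posix(), "calls phpinfo()"))
    return sorted(findings)


def build_constructed_docroot(base):
    """Create a small constructed web root for the demonstration."""
    root = Path(base)
    (root / "php").mkdir()
    (root / "cgi-bin").mkdir()
    (root / "php" / "index.php").write_text("<?php echo phpinfo(); ?>\n")
    (root / "cgi-bin" / "test.pl").write_text("#!/usr/bin/perl\nprint 'x';\n")
    (root / "index.html").write_text("<html>site content</html>\n")
    (root / "about.php").write_text("<?php echo 'hello'; ?>\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in audit_docroot(build_constructed_docroot(tmp)):
            print(f"{rel}: {reason}")
```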


