| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 8 Feb 2005 12:44:54 -0000 From: Andrew guess <cybercop38@...oo.com.au> To: bugtraq@...urityfocus.com Subject: [PersianHacker.NET 200502-05] WWWoard passwd Hi all, I know how this hole works and where it hits, also I have found a fix for it, so start applying or end up dieing....lmao This is an example of the source code for the forum script: Line 126:''''''''''End Add ''''''''''''''''''''' Line 127: Line 128:hostInfo = Dns.GetHostByAddress(clientIp) Line 129: Line 130:if IsDBNull(hostInfo) then and here is the fix: [SocketException (0x2afc): The requested name is valid, but no data of the requested type was found] System.Net.Dns.GetHostByAddress(IPAddress address) +264 System.Net.Dns.GetHostByAddress(String address) +54 ASP.WriteDeny_aspx.__Render__control1(HtmlTextWriter __output, Control parameterContainer) in D:\Inetpub\wwwroot\ProcessDeny\WriteDeny.aspx:128 System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +27 System.Web.UI.Control.Render(HtmlTextWriter writer) +7 System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243 What this does is denys access to the link (script) your trying to get into, meaning this one is passwd.txt via the wwwboard. you will need to create a /processdeny script which ain't that hard, but I may be wrong just look into it.
Powered by blists - more mailing lists