lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061227110547.11711.qmail@securityfocus.com> Date: 27 Dec 2006 11:05:47 -0000 From: hack2prison@...oo.com To: bugtraq@...urityfocus.com Subject: Host directory full disclosure and input error Host directory is a product of scriptsfrenzy.com and alstrasoft.com I check lastest version and maybe infected lower versions. I contacted vendor 5 times in 2 months but not received any replies. - FullPath disclosure: http://site.ext/path/ANY_INCORRECT_LINK Warning: main(/home/user/public_html/include/ANY_INCORRECT_LINK.php): failed to open stream: No such file or directory in /home/user/public_html/include/main.php on line 25 - Backup database bypass: http://site.ext/path/admin/backup/db - Change admin password without login: http://site.ext/path/admin/config