lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <474DF82B.2020001@menteslibres.org>
Date: Wed, 28 Nov 2007 17:22:19 -0600
From: "J. Carlos Nieto" <xiam@...teslibres.org>
To: bugtraq@...urityfocus.com
Subject: Re: Gekko <=0.8.2 (temp directory) Path Disclosure

Hi.

You forgot to mention that this happens only when Gekko is not installed 
under Apache server.

The file temp/.htaccess contains the following lines:
  Order Allow,Deny
  Deny from all

So if you try to get any file under the "temp" directory it will trow 
you a 403 error.

If you are using Apache maybe you just forgot to upload .htaccess (or 
deliberately deleted it?).

Regards.

sys-project@...mail.com wrote:
> # Gekko <=0.8.2 (temp directory) Path Disclosure
>
> # Download:
>
> # http://www.gekkoware.org/
>
> # Bug found by JosS / Jose Luis G�ngora Fern�ndez
>
> # Contact: sys-project[at]hotmail.com
>
> # Spanish Hackers Team
>
> # www.spanish-hackers.com
>
> # /server irc.freenode.net /join #fullsecure
>
> # d0rk: "Powered by Gekko"
>
> # Stop lammer
>
>
> [*] sensitive directory:
>
>
> temp/
>
> temp/ip.blacklist
>
> temp/cache/
>
> .temp/logs/
>
>  - temp/logs/access.log
>
>  - temp/logs/actions.log
>
>  - temp/logs/messages.log
>
>  - temp/logs/warning.log
>
>
> http://www.example.com/PATH/temp/
>
> http://www.example.com/gekko/temp/
>
>
> You can see sensitive information of the user [example]:
>
>
> [09/09/2007 04:10:37] (uid=1) admin@....151.32.69 [Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070723 Iceweasel/2.0.0.6 (Debian-2.0.0.6-1)]
>
> /modules/blog/actions.php
>
> -- blog: created new entry with title 'Semana GNU'
>
>
>
> //---------------------------------------\\
>
>
> Greetz To: All Hackers
>
> JosS! / Jose Luis G�ngora Fern�ndez 
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ