Message-ID: <Pine.LNX.4.64.0712070223510.32603@forced.attrition.org>
Date: Fri, 7 Dec 2007 02:24:20 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: ilkerkandemir@...et.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Phorm v3.0 Remote File Upload Vulnerability

: # Phorm v3.0 Remote File Upload Vulnerability
:
: # ilker kandemir <ilkerkandemir[at]mynet.com>
:
:
: # Exploit: http://[site]/[phorm_path]/lib/fileupload.php [+]=====>> upload your shell.php
:
: # http://[site]/[phorm_path]/files/phpshell.php

This also won't work unless an administrator makes changes to intentionally compromise the installation.

http://attrition.org/pipermail/vim/2007-July/001735.html