Open Source and information security mailing list archives
 
Message-ID: <Law11-OE451WE9j6TmX0004268b@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Wood's Infinity Project 3.69a Remote Command Execution

----- Original Message -----
From: "badpack3t" <badpack3t@...urity-protocols.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, June 12, 2003 3:49 PM
Subject: [Full-Disclosure] Wood's Infinity Project 3.69a Remote Command Execution


> There is a massive xss problem in the 404 script mrwood uses.  here is PoC
> for this 0day advisory: http://exploit.wox.org/<b>a</b>

huh? like I care that my 404 has xss. anything that is on my webroot
is public info ( it's on the net ).

I don't get it..? going through a lot of trouble for uuhh, make yourself
look bad?
and if this is your grand sploit
<?PHP
passthru("ls");
?>
uploaded to me.. umm I don't store the upload in the webroot, very far
from it actually, so unless you compromise me with a phpshell exploit
or something else that allows below webroot directory traversal, I'm
not caring too much. I hold no password databases or any other material
I would miss anyway.

wood
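
Added example, not part of the original message and not the poster's site code: a PHP upload handler that keeps uploads outside the served directory, as the reply describes, and guards the read path against the directory traversal it names as the remaining risk. The paths, the `.upload` suffix, the `attachment` field and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: the web server serves only WEB_ROOT.
const WEB_ROOT   = '/var/www/site/public';
const UPLOAD_DIR = '/var/www/site/storage/uploads';

/** True when $path is $base itself or lies underneath it. */
function is_within(string $path, string $base): bool
{
    $base = rtrim($base, '/');
    return $path === $base || strncmp($path, $base . '/', strlen($base) + 1) === 0;
}

/** Store an upload under a server-generated name; null when rejected. */
function store_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $dir = realpath(UPLOAD_DIR);
    $webroot = realpath(WEB_ROOT);
    // Refuse to store anything if the upload directory is missing or is served.
    if ($dir === false || ($webroot !== false && is_within($dir, $webroot))) {
        return null;
    }
    // Never reuse the client-supplied name: it may contain "../" or end in ".php".
    $target = $dir . '/' . bin2hex(random_bytes(16)) . '.upload';
    // move_uploaded_file() only accepts files PHP received via HTTP POST.
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

/** Resolve a stored file by id; anything that is not a generated id is rejected. */
function stored_path(string $id): ?string
{
    if (preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1) {
        return null;
    }
    $dir = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . '/' . $id . '.upload');
    // realpath() resolves symlinks and "..", so the check runs on the final location.
    return ($dir !== false && $path !== false && is_within($path, $dir)) ? $path : null;
}

// Usage in a request handler: $stored = store_upload($_FILES['attachment']);
```

Because the stored file never lands under the served directory and never keeps a `.php` name, a script like the one quoted above is saved as inert data rather than something the web server will execute.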
