| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Law11-OE451WE9j6TmX0004268b@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Wood's Infinity Project 3.69a Remote Command Execution
----- Original Message -----
From: "badpack3t" <badpack3t@...urity-protocols.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, June 12, 2003 3:49 PM
Subject: [Full-Disclosure] Wood's Infinity Project 3.69a Remote
Command Execution
> There is a massive xss problem in the 404 script mrwood uses. here
is PoC
> for this 0day advisory: http://exploit.wox.org/<b>a</b>
huh? like I care that my 404 has xss. anything that is on my webroot
is public info ( its on the net ).
I dont get it..? going through alot of trouble for uuhh, make yourself
look bad?
and if this is your grand sploit
<?PHP
passthru("ls");
?>
uploaded to me.. umm i dont store the upload in the webroot, very far
from it actually, so unless you compromise me with a phpshell exploit
or something else that allows below webroot directory transversal, im
not caring to much. I hold no password databases or any other material
i would miss anyway.
wood
Powered by blists - more mailing lists