lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5598cfa10607191720n168fb712h399e355f23606bfe@mail.gmail.com>
Date: Wed, 19 Jul 2006 19:20:12 -0500
From: "Mark Sec" <mark.sec@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Webspeed remote testing tips?

Alo,

does anyone have more info about webspeed vulnerabilities ?
or howto execute remote commands?
does anyone have "glosary" about msgs errors o services?

I tried:

(1) http://server/cgi-bin/anyfile.sh/WService=anything?WSMadmin
Messenger: Internal command access denied. (6368)

(2) http://server/cgi-bin/anyfile.sh/|id;uname;ls;
Messenger: URL contains invalid syntax. (6369)

(3) http://server/cgi-bin/wspd_cgi.sh?
Msngr: the specified service name does not exist or has a bad format.
(5825): wsbroker1

wsbroker1? what services we can execute ?

(4) http://server/scripts/wsisa.dll/WService=anything?WSMadmin <- for win32
(not successful)
(5) http://server/scripts/wsnsa.dll/WService=anything?WSMadmin <- for Unix
(not successful)


regards
-  Mark  :-)

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ