lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <5598cfa10607191720n168fb712h399e355f23606bfe@mail.gmail.com>
Date: Wed, 19 Jul 2006 19:20:12 -0500
From: "Mark Sec" <mark.sec@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Webspeed remote testing tips?
Alo,
does anyone have more info about webspeed vulnerabilities ?
or howto execute remote commands?
does anyone have "glosary" about msgs errors o services?
I tried:
(1) http://server/cgi-bin/anyfile.sh/WService=anything?WSMadmin
Messenger: Internal command access denied. (6368)
(2) http://server/cgi-bin/anyfile.sh/|id;uname;ls;
Messenger: URL contains invalid syntax. (6369)
(3) http://server/cgi-bin/wspd_cgi.sh?
Msngr: the specified service name does not exist or has a bad format.
(5825): wsbroker1
wsbroker1? what services we can execute ?
(4) http://server/scripts/wsisa.dll/WService=anything?WSMadmin <- for win32
(not successful)
(5) http://server/scripts/wsnsa.dll/WService=anything?WSMadmin <- for Unix
(not successful)
regards
- Mark :-)
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/