lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAGKQm=VaY473+ZmrtuUu2q3muJhRWjD1uLZ83xOo41kVu-=B3g@mail.gmail.com>
Date: Sun, 15 Feb 2015 10:43:00 -0300
From: Juan Martinez <gus70938@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Bug in TradeWinds

Hi, I turn to you because I want to make public a bug, a web server called
Trade Winds, by which much compromising information of internal servers
exposed ... Through a Dork on google: inurl: cgi-shl / twserver.exe run?.
They are vulnerable server, injecting this url: http:
//victim/cgi-shl/twserver.exe run (example: CityInfo?). Which brings us
back an error with this data: TradeWinds: Environment variables sent by
Microsoft-IIS / 6.0 ALLUSERSPROFILE = C: \ Documents and Settings \ All
Users APP_POOL_ID = DefaultAppPool ClusterLog = C: \ WINDOWS \ Cluster \
cluster.log CommonProgramFiles = C: \ Program Files \ Common Files
COMPUTERNAME = WEBSERVER ComSpec = C: \ WINDOWS \ system32 \ cmd.exe
DSETPATH = C: \ Program Files \ Dell \ DSET FP_NO_HOST_CHECK = NO lib = C:
\ Program Files \ SQLXML 4.0 \ bin \ NUMBER_OF_PROCESSORS = 2 OS =
Windows_NT Path = C: \ PHP \; C: \ Perl \ site \ bin; C: \ Perl \ bin; C: \
Program Files \ Support Tools \; C: \ PVSW \ BIN; C: \ CFusionMX7 \ verity
\ k2 \ _nti40 \ bin; C: \ WINDOWS \ system32; C: \ WINDOWS; C: \ WINDOWS \
System32 \ Wbem; C: \ Program Files \ Dell \ SysMgt \ RAC5; C: \ Program
Files \ Dell \ SysMgt \ oma \ bin; C: \ Program Files \ Microsoft SQL
Server \ 80 \ Tools \ Binn \; C: \ Program Files \ Microsoft SQL Server \
90 \ Tools \ Binn \; C: \ Program Files \ Microsoft SQL Server \ 90 \ DTS \
Binn \; C: \ Program Files \ Microsoft SQL Server \ 90 \ Tools \ Binn \
VSShell \ Common7 \ IDE \; C: \ Program Files \ Microsoft Visual Studio 8 \
Common7 \ IDE \ PrivateAssemblies \; D: \ MySQL \ MySQL 1.3.6 Utilities \
PATHEXT = .COM; .EXE; .BAT; .CMD; .VBS; .VBE; .JS; .JSE; .wsf; .WSH PHPRC =
C: \ PHP \ PROCESSOR_ARCHITECTURE = x86 PROCESSOR_IDENTIFIER = x86 Family 6
Model 62 Stepping 4 GenuineIntel PROCESSOR_LEVEL = 6 PROCESSOR_REVISION =
3e04 ProgramFiles = C: \ Program Files SystemDrive = C: SystemRoot = C: \
WINDOWS TEMP = C: \ WINDOWS \ TEMP TMP = C: \ WINDOWS \ TEMP USERPROFILE =
C: \ Documents and Settings \ Default User VERITY_CFG = C: \ CFusionMX7 \
verity \ k2 \ common \ verity.cfg VSL = C: \ PVSW \ BIN windir = C: \
WINDOWS That data and more the server, and the pc making the connection. So
I decided to report to you and make public the ruling. Greetings and hope
not having bothered with their time.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ