Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: unarj dir-transversal bug (../../../..)
From: Harry de Grote <rik.bobbaers () cc kuleuven ac be>
Date: Tue, 12 Oct 2004 11:17:12 +0200

doubles () hush com wrote:

dis is powerfull security whole! im writting a exploit for it right now
in visual cobol!

czech this out::


it's over 1 year old! and it's your own fault if you fall for it, normally , you dry-run it first, then you see something fishy is going on.

btw... what's there to exploit??? just take a modified bash (sh) that opens a rootshell, and overwrite it!

djies... you skidds never seem to learn ;)

you really didn't invent the light, you know...

aka Rik Bobbaers

K.U.Leuven - LUDIT             -=- Tel: +32 485 52 71 50
Rik.Bobbaers () cc kuleuven ac be -=- http://harry.ulyssis.org


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]