Full Disclosure: Re: Plesk Apache Zeroday Remote Exploit

Re: Plesk Apache Zeroday Remote Exploit

From: Ed Velez <ed.velez () gmail com>
Date: Thu, 6 Jun 2013 06:52:45 -0500

Only versions 9.0 - 9.2.3 seem to be effected. Looks like this may have
been lurking for some time:

http://kb.parallels.com/en/113818

At least they noted that these versions *might* be vulnerable...




On Thu, Jun 6, 2013 at 4:41 AM, Milan Berger <m.berger () project-mindstorm net

wrote:

Hi king cope,

Please keep headers intact.



tried your exploit on some SuSE and Debian machines, I was never able
to get what I deserve, never found this phppath/php getting Error
404/403.

Any suggestions?

--
Kind Regards

Milan Berger
Project-Mindstorm Technical Engineer

---
project-mindstorm.net
Fruehlingstrasse 4
90537 Feucht
Germany

Mob.: +49 176 22987602

https://www.ghcif.de
http://www.nopaste.info (for sale)
https://www.digital-bit.ch
http://www.project-mindstorm.net


twitter: http://twitter.com/twit4c

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Plesk Apache Zeroday Remote Exploit king cope (Jun 05)
- Re: Plesk Apache Zeroday Remote Exploit Milan Berger (Jun 06)
  - Re: Plesk Apache Zeroday Remote Exploit Ed Velez (Jun 07)
- <Possible follow-ups>
- Re: Plesk Apache Zeroday Remote Exploit David H (Jun 06)
  - Re: Plesk Apache Zeroday Remote Exploit Kingcope (Jun 06)
  - Re: Plesk Apache Zeroday Remote Exploit Kingcope (Jun 06)
    - Re: Plesk Apache Zeroday Remote Exploit Kingcope (Jun 06)
    - Re: Plesk Apache Zeroday Remote Exploit David H (Jun 06)
- Re: Plesk Apache Zeroday Remote Exploit アドリアンヘンドリック (Jun 07)