Full Disclosure mailing list archives

Advisory : Persistent Internet Storage
From: Nico Le Moin <nicolemoin01 () gmail com>
Date: Wed, 26 Mar 2014 10:26:52 +0100

Hello All,

I want to inform you about a vulnerability in critical internet

It is possible for unauthenticated users to upload arbitrary files to the
internet whereafter it is not possible to delete these files from the

This vulnerability has been exploited in the past against Ms. Barbara
Streisand. However, a CVE has not yet been rewarded.

I have discovered new attack vectors which aggravate this vulnerability. In
the use case of mailing lists:
  - emails might contain code that can be used for RFI
  - emails might be stored as .html resulting in XSS
  - emails might be stored as .php files resulting in RCE


Nico Lemoin, ass. PhD

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/
