
Re: [Full-disclosure] SANS PHP Port Scanner Remote Code Execution



<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix"><font size="-1"><font face="Arial">Nick:<br>
          <br>
          <font size="-1">&nbsp;&nbsp;&nbsp; That gets you to the fail page 
where <font
              size="-1">(sometimes) you are offered the option to look
              at the cached copy....<br>
              <br>
              <font size="-1">&nbsp;&nbsp;&nbsp; <font size="-1">Here is the 
cached
                  copy --&gt; <a
href="http://webcache.googleusercontent.com/search?q=cache:http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/">http://webcache.googleusercontent.com/search?q=cache:http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/</a></font></font><br>
            </font></font></font></font>
      <div class="moz-signature">
        <div>&nbsp;</div>
        <div>&nbsp;</div>
        <div>
          <div align="left">
            <div align="left"><font size="2" face="Arial">Regards,</font></div>
            <div align="left"><font size="2" face="Arial">Stefan</font></div>
            <div align="left">&nbsp;</div>
            <div align="left"><font size="2" 
face="Arial">**************************************************************************<br>
                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span 
class="406481714-22042004">&nbsp;&nbsp;&nbsp;</span>&nbsp;<a
href="http://www.sjsinc.com/cgi-bin/DoRedirect?sig-google"><strong>Stefan
                    Jon Silverman</strong></a> - Founder / President<br>
                
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span
 class="406481714-22042004">&nbsp;&nbsp;&nbsp; 
</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span
                  class="406481714-22042004"> </span>SJS Associates,
                N.A., Inc.<br>
                
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span
 class="406481714-22042004">&nbsp;&nbsp;&nbsp; </span>&nbsp;A
                Technology Strategy Consultancy</font></div>
            <div align="left"><font size="2" 
face="Arial">**************************************************************************<br>
              </font><span class="406481714-22042004"><font face="Arial"><font
                    size="2"><span class="266234215-06082004">Cell&nbsp; 
</span><strong>917
                      929 1668</strong><span 
class="266234215-06082004">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <span 
class="406481714-22042004"><span
                          class="406481714-22042004"></span><a
                          
href="mailto:sjs@xxxxxxxxxx"><strong>sjs@xxxxxxxxxx</strong></a>&nbsp;&nbsp;
                        eMail</span></span></font></font></span></div>
            <div align="left"><span class="406481714-22042004"><span
                  class="266234215-06082004"><font size="2" 
face="Arial">&nbsp;<span
                      
class="146163119-06072005">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</font><span
                    class="406481714-22042004"><font size="2"
                      face="Arial"> </font><a
                      href="http://www.sjsinc.com/?%20eMail%20Sig"><font
                        size="2" 
face="Arial"><strong>www.sjsinc.com</strong></font></a><font
                      size="2" face="Arial"> </font><span
                      class="406481714-22042004"><br>
                    </span><font size="2" 
face="Arial">**************************************************************************
                    </font></span></span></span></div>
            <div align="left"><span class="406481714-22042004"><span
                  class="266234215-06082004"><span
                    class="406481714-22042004"><font size="2"
                      face="Arial">Aim/Skype: <font 
color="#0000ff"><strong>LazloInSF</strong></font><span
                        class="739403617-04042003">&nbsp;&nbsp;<span
                          class="266234215-06082004">&nbsp;<span
                            
class="535065215-06082004">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                          </span></span></span>Twitter/Y<span
                        class="535065215-06082004">a</span><span
                        class="535065215-06082004">hoo</span>: </font><font
                      face="Arial"><font size="2"><font 
color="#0000ff"><strong>sjs_sf</strong><br>
                        
</font>**************************************************************************
                        <br>
                        
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Weebles
 wobble but they don't fall
                        down!!!! <br>
                        
**************************************************************************
                      </font></font></span></span></span></div>
          </div>
        </div>
        <div>&nbsp;</div>
      </div>
      On 3/7/2013 9:00 PM, Nick FitzGerald wrote:<br>
    </div>
    <blockquote
      cite="mid:51397080.32734.21A89A0D@xxxxxxxxxxxxxxxxxxxxxxxx"
      type="cite">
      <pre wrap="">adam replied to himself:

</pre>
      <blockquote type="cite">
        <blockquote type="cite">
          <pre wrap="">The original page has been deleted?
</pre>
        </blockquote>
        <pre wrap="">
Screenshot for anyone who might have missed it (before cache is removed):

<a class="moz-txt-link-freetext" 
href="http://img842.imageshack.us/img842/7351/sansphpportscannerfdpng.png">http://img842.imageshack.us/img842/7351/sansphpportscannerfdpng.png</a>
</pre>
      </blockquote>
      <pre wrap="">
Or, if you want actual editable content, you could try this thing 
called the Google cache...

Search Google for the original URL:

   <a class="moz-txt-link-freetext" 
href="http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/">http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/</a>

et voila!



Regards,

Nick FitzGerald


_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext" 
href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a>
Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext" 
href="http://secunia.com/">http://secunia.com/</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>
