Ghost (or Ghosts): Do not taunt the lad! I believe he is onto something.
In fact, anonymous sources in the Internet Underground assert that there are indeed numerous _other_ exploitable vectors in the application under Mssr. WHK's watchful eye, including (it would seem), Remote File Inclusion, SQL Injection, Request Forgery of the Cross-Site persuasion, and even (so my sources say), bona fide Code Execution [1] in the context of any web application server providing access to this e-Hindenburg of a PHP application! [2] I say, carry on, my wayward son! Do carry on. I shall watch this thread with great interest, my hairs a-bristle to see what further pearls of wisdom you fling in our (sadly, unappreciative) porcine midst. Your humble servant, 在鬍鬚的瓦爾迪 [1] http://dvwa.svn.sourceforge.net/viewvc/dvwa/vulnerabilities/ [2] Redundant, of course, I realise... On 12/29/09, ghost <[email protected]> wrote: > You are very stupid. > > > On Tue, Dec 29, 2009 at 12:12 PM, WHK <[email protected]> wrote: >> Is not a feature, the vulnerabilities are controled by >> /vulnerabilities/[id vuln]/* no in file view_source.php. >> >> If an sistem have SQL inyection is a feature? >> mysql_query(' select * from '.$_GET['table']); >> is a feature? >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
