----- Original Message ----- From: "badpack3t" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 12, 2003 3:49 PM Subject: [Full-Disclosure] Wood's Infinity Project 3.69a Remote Command Execution
> There is a massive xss problem in the 404 script mrwood uses. here is PoC > for this 0day advisory: http://exploit.wox.org/<b>a</b> huh? like I care that my 404 has xss. anything that is on my webroot is public info ( its on the net ). I dont get it..? going through alot of trouble for uuhh, make yourself look bad? and if this is your grand sploit <?PHP passthru("ls"); ?> uploaded to me.. umm i dont store the upload in the webroot, very far from it actually, so unless you compromise me with a phpshell exploit or something else that allows below webroot directory transversal, im not caring to much. I hold no password databases or any other material i would miss anyway. wood _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
