Full Disclosure mailing list archives

Re: Xeneo Webserver Vulnerability


From: "badpack3t" <badpack3t () security-protocols com>
Date: Wed, 23 Apr 2003 14:30:14 -0400 (EDT)

Tamer,

You may want to correct yourself.  You discovered http://target/% on an
OLD (Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable.) version. 
I found a different bug in their latest version (which was 2.2.9.0. at the
time) by requesting a GET / with 4096 ?'s.  Now how would this be the same
as you released?  Care to explain?

---------------------------
-badpack3t
www.security-protocols.com
---------------------------

Hi Folks,

I contributed the vulnerability about Xeneo Webserver, mentioned below,
to iDefense on 4th, November 2002. All rights on this vulnerability
belong to me and iDefense.

Craps,
http://lists.netsys.com/pipermail/full-disclosure/2003-April/009371.html
http://lists.netsys.com/pipermail/full-disclosure/2003-April/009386.html

My Advisories at iDefense,
http://www.idefense.com/advisory/11.04.02b.txt

Please, without searching well, do not publish these kinds of advisories.

Cheers,

Tamer Sahin
http://www.securityoffice.net



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

