Full Disclosure mailing list archives
Re: Wood's Infinity Project 3.69a Remote Command Execution
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 12 Jun 2003 17:08:40 -0700
----- Original Message ----- From: "badpack3t" <badpack3t () security-protocols com> To: <full-disclosure () lists netsys com> Sent: Thursday, June 12, 2003 3:49 PM Subject: [Full-disclosure] Wood's Infinity Project 3.69a Remote Command Execution
There is a massive xss problem in the 404 script mrwood uses. here
is PoC
for this 0day advisory: http://exploit.wox.org/<b>a</b>
huh? like I care that my 404 has xss. anything that is on my webroot is public info ( its on the net ). I dont get it..? going through alot of trouble for uuhh, make yourself look bad? and if this is your grand sploit <?PHP passthru("ls"); ?> uploaded to me.. umm i dont store the upload in the webroot, very far from it actually, so unless you compromise me with a phpshell exploit or something else that allows below webroot directory transversal, im not caring to much. I hold no password databases or any other material i would miss anyway. wood _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Wood's Infinity Project 3.69a Remote Command Execution badpack3t (Jun 12)
- Re: Wood's Infinity Project 3.69a Remote Command Execution morning_wood (Jun 12)
- Re: Wood's Infinity Project 3.69a Remote Command Execution morning_wood (Jun 12)