Full Disclosure mailing list archives
Re: File Disclosure in DAMN VULNERABLE WEB APPversion 1.0.6
From: "Valdis' Mustache" <securitas.mustata () gmail com>
Date: Wed, 30 Dec 2009 01:50:14 -0500
Ghost (or Ghosts): Do not taunt the lad! I believe he is onto something. In fact, anonymous sources in the Internet Underground assert that there are indeed numerous _other_ exploitable vectors in the application under Mssr. WHK's watchful eye, including (it would seem), Remote File Inclusion, SQL Injection, Request Forgery of the Cross-Site persuasion, and even (so my sources say), bona fide Code Execution [1] in the context of any web application server providing access to this e-Hindenburg of a PHP application! [2] I say, carry on, my wayward son! Do carry on. I shall watch this thread with great interest, my hairs a-bristle to see what further pearls of wisdom you fling in our (sadly, unappreciative) porcine midst. Your humble servant, 在鬍鬚的瓦爾迪 [1] http://dvwa.svn.sourceforge.net/viewvc/dvwa/vulnerabilities/ [2] Redundant, of course, I realise... On 12/29/09, ghost <ghosts () gmail com> wrote:
You are very stupid. On Tue, Dec 29, 2009 at 12:12 PM, WHK <www.kernel32 () gmail com> wrote:Is not a feature, the vulnerabilities are controled by /vulnerabilities/[id vuln]/* no in file view_source.php. If an sistem have SQL inyection is a feature? mysql_query(' select * from '.$_GET['table']); is a feature? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: File Disclosure in DAMN VULNERABLE WEB APPversion 1.0.6 infolookup (Dec 29)
- Re: File Disclosure in DAMN VULNERABLE WEB APPversion 1.0.6 WHK (Dec 29)
- Re: File Disclosure in DAMN VULNERABLE WEB APPversion 1.0.6 ghost (Dec 29)
- Re: File Disclosure in DAMN VULNERABLE WEB APPversion 1.0.6 Valdis' Mustache (Dec 29)
- Re: File Disclosure in DAMN VULNERABLE WEB APPversion 1.0.6 ghost (Dec 29)
- Re: File Disclosure in DAMN VULNERABLE WEB APPversion 1.0.6 WHK (Dec 29)