Nmap Development mailing list archives

.htaccess + php sec bypass

From: Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar>
Date: Mon, 30 Jul 2012 16:16:18 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hey Guys,

A couple of friends and colleagues (Maxi Soler and Matias Katz) shown the .htaccess security
bypass vuln+tool this week at our favorite security conferences.

Any plans to create an nse script to detect this misconfiguration?


- -- 
? Arturo "Buanzo" Busleiman ? - MUSICA: soundcloud.com/no-carrier
Independent Linux and Security Consultant - 16+y of IT exp. at your service .
OWASPer - http://www.buanzo.com.ar/pro/eng.html                             ..:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAlAW3YIACgkQAlpOsGhXcE0Z+wCeLbCBW8F/ETllJAwxKwFCKQoR
LEMAn0uq46v0FtPGBOvBE4ZEotkEClVr
=zRH7
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

.htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
- Re: .htaccess + php sec bypass Gabriel Lawrence (Jul 30)
  - Re: .htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
    - Re: .htaccess + php sec bypass Gabriel Lawrence (Jul 30)
    - Re: .htaccess + php sec bypass Matias Katz (Aug 01)
    - Re: .htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
    - Re: .htaccess + php sec bypass Paulino Calderon (Aug 04)
    - Re: .htaccess + php sec bypass Paulino Calderon (Aug 17)
    - Re: .htaccess + php sec bypass David Fifield (Sep 07)
    - Re: .htaccess + php sec bypass Paulino Calderon (Sep 10)