Full Disclosure mailing list archives
Re: Xeneo Webserver Vulnerability
From: "badpack3t" <badpack3t () security-protocols com>
Date: Wed, 23 Apr 2003 14:30:14 -0400 (EDT)
Tamer,

You may want to correct yourself. You discovered http://target/% on an OLD (Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable.) version. I found a different bug in their latest version (which was 2.2.9.0 at the time) by requesting a GET / with 4096 ?'s. Now how would this be the same as you released? Care to explain?

---------------------------
-badpack3t
www.security-protocols.com
---------------------------
Hi Folks,

I contributed the vulnerability about Xeneo Webserver, mentioned below, to iDefense on 4th, November 2002. All rights on this vulnerability belong to me and iDefense.

Craps,
http://lists.netsys.com/pipermail/full-disclosure/2003-April/009371.html
http://lists.netsys.com/pipermail/full-disclosure/2003-April/009386.html

My Advisories at iDefense,
http://www.idefense.com/advisory/11.04.02b.txt

Please, without searching well, do not publish these kinds of advisories.

Cheers,
Tamer Sahin
http://www.securityoffice.net
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html