Full Disclosure mailing list archives
Re: Advisory : Persistent Internet Storage
From: Joxean Koret <joxeankoret () yahoo es>
Date: Wed, 26 Mar 2014 10:53:33 +0100
First troll mail. Now, it's real Full Disclosure!

On Wed, 26-03-2014 at 10:26 +0100, Nico Le Moin wrote:
Hello All,

I want to inform you about a vulnerability in critical internet infrastructure. It is possible for unauthenticated users to upload arbitrary files to the internet whereafter it is not possible to delete these files from the internet. This vulnerability has been exploited in the past against Ms. Barbara Streisand. However a CVE has not yet been rewarded.

I have discovered new attack vectors which aggravate this vulnerability. In the use case of mailing lists
- emails might contain code that can be used for RFI
- emails might be stored as .html resulting in XSS
- emails might be stored as .php files resulting in RCE

Sincerely,
Nico Lemoin, ass. PhD CISSP - C|EH

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Attachment:
signature.asc
Description: This is a digitally signed message part