Hi Kingcop,It brings another point that did Microsoft acknowledged this
vulnerability at all. did they indicate that ms will fix this issue??
--- On Mon, 16/7/12, king cope
wrote:
From: king cope
Subject: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin
To: full-disclosure@list
nt: Tuesday, July 17, 2012 7:43 PM
>
> Subject: Re: [Full-disclosure] Unpatched IIS Vulnerabilities / Microsoft
> July Security Bulletin
>
> Musntlive has never been funny. Just another bored teen who found the FD
> address in "Hackers Handbook for Dummies".
>
> _
On Tue, Jul 17, 2012 at 1:43 PM, NETT Dave wrote:
> Musntlive has never been funny. Just another bored teen who found the FD
> address in "Hackers Handbook for Dummies".
MusntLive is serious security researcher. Everyone who is read between
is line this is evident. Is for those like you who is r
/*PoC*/
Sorry no automated code yet :( can verify manually as follows:
Read musntlive's post. If it is similar to multiple previous posts check if
still funny.
Notice how you get a return value of nope.
/EoF
I can haz CVE now :(?
On Jul 17, 2012 10:10 AM, "Григорий Братислава" wrote:
> And yo
And you can is prove this theory is how?
On Tue, Jul 17, 2012 at 1:09 PM, Gage Bystrom wrote:
> Hello Full Disclosure! I is warn you about musntlive!
>
> He is use old joke over over again. Not funny!
>
___
Full-Disclosure - We believe in it.
Charter:
Hello Full Disclosure! I is warn you about musntlive!
He is use old joke over over again. Not funny!
--
I actually got nothing against you personally but its boring when you use
the same tactic over and over :/ mix things up and make it interesting!
On Jul 17, 2012 8:24 AM, "Григорий Бра
On Tue, Jul 17, 2012 at 10:11 AM, king cope
wrote:
> Hello Jan,
> I did some additional tests for the IIS bugs.
>
> * IIS 6.0 PHP authentication bypass is only possible on Windows Server
> 2003 SP1. SP2 seems unaffected
> So take that bug as resolved, my mistake as I didn't have a fully
> patche
On Tue, Jul 17, 2012 at 6:44 AM, Jan Reilink wrote:
> I can't reproduce authentication bypass vulnerabilities you mention.
> Also, there is more than one way to password protect a directory. Did
> you disable 'anonymous authentication' in IIS 6.0/7.5, or did you remove
> or deny IUSR-user NTFS pe
[Hope this doesn't get double posted, removed bugt...@securityfocus.com]
Hi,
Op 16-7-2012 19:24, king cope schreef:
> Hi Lists,
[...]
> The posting included some important bugs in the Internet Information
> Services, one of their
> flagship products:
> http://seclists.org/fulldisclosure/2012/Jun
MusntLive is find your problem:
echo "
>
> # Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of
> Service (CPU exhaustion)
> # Date: June 29, 2012
> # Author: coolkaveh
> # coolka...@rocketmail.com
> # https://twitter.com/coolkaveh
> # Vendor Homepage: http://www.microsoft.com
> #
On Mon, Jul 16, 2012 at 2:50 PM, kaveh ghaemmaghami
wrote:
> Hello list
> in my testing environment (IIS 6 with php5 ) the flaw exist . i
> think i got da move to XAMPP MS wont patch it LOL
>
Test environment is not production environment. Is place your test
server in your production netwo
On Mon, Jul 16, 2012 at 2:20 PM, king cope
wrote:
> Don't feed the trolls :D
> btw it's real, it's not my fault you don't understand.
> consult the attachment
MusntLive is no troll. Is question to be asked. If is tree fall on top
of you in if forest, believe you is me, is no matter is you hear i
On Mon, Jul 16, 2012 at 1:54 PM, Thor (Hammer of God)
wrote:
> Right - if you've compromised the server to the point you can alter
> directory structures/names, the you've already bypassed the ACLs required
> in order to "exploit" the vulnerability that allows you to bypass the
> ACLs. I don't ge
Right - if you've compromised the server to the point you can alter
directory structures/names, the you've already bypassed the ACLs required
in order to "exploit" the vulnerability that allows you to bypass the
ACLs. I don't get it.
t
On 7/16/12 10:47 AM, "Григорий Братислава" wrote:
>On M
On Mon, Jul 16, 2012 at 1:24 PM, king cope
wrote:
> Hi Lists,
>
> it seems Microsoft doesn't want to patch the vulnerabilities I posted
> back in June,
> at least not in the July update.
>
Hello Full Disclosure!! !! !!
Is like to introduce you to Schrödinger's Cat and Wigner's Friend in
is Compu
Hi Lists,
it seems Microsoft doesn't want to patch the vulnerabilities I posted
back in June,
at least not in the July update.
The posting included some important bugs in the Internet Information
Services, one of their
flagship products:
http://seclists.org/fulldisclosure/2012/Jun/189
The July S
16 matches
Mail list logo