Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  PHPSlideShow XSS Update

  Liferay Enterprise Portal multiple XSS

  PHPkit 1.6.1 (include.
php?path=) Remote File Inclusion

  Eurologon CMS Multiple SQL Injection

From:Jose Luis Góngora Fernández <sys-project_(at)_hotmail.com>
Date:29 ноября 2007 г.
Subject:Gekko <=0.8.2 (temp directory) Path Disclosure

# Gekko <=0.8.2 (temp directory) Path Disclosure
# Download:
# http://www.gekkoware.org/
# Bug found by JosS / Jose Luis Gуngora Fernбndez
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "Powered by Gekko"
# Stop lammer

[*] sensitive directory:

temp/
temp/ip.blacklist
temp/cache/
.temp/logs/
- temp/logs/access.log
- temp/logs/actions.log
- temp/logs/messages.log
- temp/logs/warning.log

http://www.example.com/PATH/temp/
http://www.example.com/gekko/temp/

You can see sensitive information of the user [example]:

[09/09/2007 04:10:37] (uid=1) [email protected] [Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070723 Iceweasel/2.0.0.6 (Debian-2.0.0.6-1)]
/modules/blog/actions.php
-- blog: created new entry with title 'Semana GNU'


//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Gуngora Fernбndez

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород