I got a rather interesting email (it was a normal message that a buddy of mine sent, and after the text there was also this :)
----- Original Message -----
From: "Hugo Vazquez Carapez"
To:
Sent: Wednesday, June 16, 2004 9:59 PM
Subject: [Full-Disclosure] IFH-ADV-31337 File Source disclosure vulnerability in all web servers.

> File Source disclosure vulnerability in all web servers.
>
> Infohacking Security Advisory 04.16.04
> www.infohacking.com
> Jun 16, 2004
>
> I. BACKGROUND
>
> We discovered a very dangerous file source disclosure vulnerability in
> all webservers. This issue can be exploited using Microsoft Internet
> Explorer and probably other browsers.
>
> II. DESCRIPTION
>
> Remote exploitation of this issue can be achieved by clicking with the
> right button into the website and selecting the "view source code" option.
> This option will display the contents of the html code.
>
> For more leet exploitation is also possible using
> lynx --source http://vulnerable.site/file.html
>
> III. ANALYSIS
>
> Successful exploitation allows an attacker to gain very very very sensible
> information of the website.
>
> IV. DETECTION
>
> Infohacking has confirmed that all webservers are vulnerable to this
> problem. Sites like microsoft, securityfocus, hack.co.za and others are
> vulnerable too!
>
> V. WORKAROUNDS
>
> No work.. indeed.
>
> VI. CVE INFORMATION
>
> This is an 0day bug... so still no bid and CVE.
>
> VII. DISCLOSURE TIMELINE
>
> 02/18/04 Hugo notified the bug to [email protected]
> 03/11/04 Initial vendor notification - no response
> 03/30/04 Secondary vendor notification - no response
> 05/20/04 We hack iberia.com
> 06/17/04 Public Disclosure
>
> VIII. CREDIT
>
> Hugo Vázquez Carapez http://www.infohacking.com/dirhugo.gif
>
> Get pwned by script kiddies?
> Call us, we can hack you again.
>
> IX. LEGAL NOTICES
>
> Copyright (c) 2004 INFOHACKING, Inc.
>
> Permission is granted for the redistribution of this alert
> electronically. It may not be edited in any way without the express
> written consent of INFOHACKING. If you wish to reprint the whole or any
> part of this alert in any other medium other than electronically, please
> email [email protected] for permission.
>
> Disclaimer: Infohacking is pretty whitehat and lame. If you are a part
> of the blackhat community, please hack and remove us from the net