SimpleChat

From: subj (r2subj3ctat_private)
Date: Wed Mar 19 2003 - 19:33:03 PST

Next message: Daniel Ahlberg: "GLSA: openssl (200303-15)"

Previous message: Suresh Ramasubramanian: "Re: [INetCop Security Advisory] ++Danger++ Outblaze Web based e-mail that is exposed in very dangerous state !!!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Product : SimpleChat! Version : 1.3 WebSite : http://hot-things.net Problem : Private info viewing Description: ------------ In a directory /data/ the file containing the information on users of a chat lays (taking place in a chat at present), to which any interested person can receive access. The file looks approximately so: 1048102503: |:127.0.0.1: |:subj: |:w1 1048102799: |:127.0.0.1: |:clark: |:w2 In the given situation we receive IP the user. Exploit: -------- http://[somehost]/chat/data/usr Link: ----- www.dwcgr0up.com Fixs: ----- U can finf all our fix on our homepage [www.dwcgroup.com] Thanks: ------- GipsHack : DHGroup : EXploit.ru : p0is0n : de1irium Contact: -------- r2subj3ctat_private irc.dwcgr0up.biz @ #dwc

Next message: Daniel Ahlberg: "GLSA: openssl (200303-15)"
Previous message: Suresh Ramasubramanian: "Re: [INetCop Security Advisory] ++Danger++ Outblaze Web based e-mail that is exposed in very dangerous state !!!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 21 2003 - 16:10:51 PST