Tamer,

You may want to correct yourself. You discovered http://target/% on an OLD (Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable.) version. I found a different bug in their latest version (which was 2.2.9.0. at the time) by requesting a GET / with 4096 ?'s. Now how would this be the same as you released? Care to explain?

---------------------------
-badpack3t
www.security-protocols.com
---------------------------

> Hi Folks,
>
> I contributed the vulnerability about Xeneo Webserver, mentioned below,
> to iDefense on 4th, November 2002. All rights on this vulnerability
> belong to me and iDefense.
>
> Craps,
> http://lists.netsys.com/pipermail/full-disclosure/2003-April/009371.html
> http://lists.netsys.com/pipermail/full-disclosure/2003-April/009386.html
>
> My Advisories at iDefense,
> http://www.idefense.com/advisory/11.04.02b.txt
>
> Please, without searching well, do not publish these kinds of advisories.
>
> Cheers,
>
> Tamer Sahin
> http://www.securityoffice.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 12:24:52 PDT