[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fernando Gont remote command execution and big mouth vulnerability

Oh I see... ppl loves to put ur name in their websites ... HEH!!!


u removed the link in the tools (dig) section of:
http://www.gont.com.ar   nice try ....

http://thor.prohosting.com/fgont/cgi-bin/dig.pl
http://thor.prohosting.com/fgont/cgi-bin/whois.pl

also your dig script have a directory listing bug... just adding * in
the query....


   dig *
; <<>> DiG 8.3 <<>> cgi-lib.pl cli.pl dig.pl fuente.cgi p1.txt
p1dig.txt p1host.txt p1ns.txt p1whois.txt p2.txt p2dig.txt p2h
ost.txt p2ns.txt p2whois.txt whois.cgi whois.pl
;; res options: init recurs defnam dnsrch


------

                                                                Gont's
web site - Tools - whois (p1 of 13)

                    Web Hosting | Free Web Hosting | School Websites |
Teacher Websites | VChocolates
                    [banner_sign_up.gif]
                    Chocolates | Toffee | Caramels | Truffles | Search
| Heavy Equipment | Fitness |

                                                          Tools
                                                          whois


                            whois(1) manual page
     
_______________________________________________________________________________________________________________

   whois ________________________________________
     
_______________________________________________________________________________________________________________

   whois cat *
# Perl Routines to Manipulate CGI input
# cgi-lib@xxxxxxxxx
# $Id: cgi-lib.pl,v 2.17 1998/05/14 22:39:23 brenner Exp $
#
# Copyright (c) 1993-1998 Steven E. Brenner
# Unpublished work.
# Permission granted to use and modify this library so long as the
# copyright above is maintained, modifications are documented, and
# credit is given for any use of the library.
#
# Thanks are due to many people for reporting bugs and suggestions
....

 Gont's web site
   Contact Fernando Gont at fernando@xxxxxxxxxxx
     
_______________________________________________________________________________________________________________

   Gont's web site
   Contact Fernando Gont at fernando@xxxxxxxxxxx
     
_______________________________________________________________________________________________________________

   Gont's web site
   Contact Fernando Gont at fernando@xxxxxxxxxxx
     
_______________________________________________________________________________________________________________

   Gont's web site
   Contact Fernando Gont at fernando@xxxxxxxxxxx
   ELF D4ç4 (444ç@ç@ççç````ç`çTçX
çççç/usr/libexec/ld-elf.so.1FreeBSDS%+ ' )(!& $*%"
#ççç':çD/çT#ççè,ç%1
   8ççèççç`ç
     çDfèççRTçYtçççèçYdïtç+ççççLèçWç
   
W]$[h4çlibc.so.4warnx__stdoutpconnect_DYNAMICerrxoptargsocketfflushfreeaddrinfo_init_DefaultRuneLocalegai_strerrorenviron


......

"My site does not contan scripts" (since you removed the link).
"and is hosted on an OpenBSD server" Then fuck you and theo


Regards!!!

Attachment: fgont.jpg
Description: JPEG image

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/