exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files from Black Watch Labs

Email addressblackwatchlabs at perfectotech.com
First Active2000-05-15
Last Active2000-12-07
BWL-00-04.txt
Posted Dec 7, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-04 (April 6, 2000) - BizDB is a database and search engine software by Cnctek. Part of the installation is a CGI script, ?bizdb-search.cgi? which is used to search the bizdb database. This script is vulnerable to modification of its paramater, in such way that causes it to run user provided shell commands on the server. Exploit URL's included. These issues have been resolved in newer versions of this software, make sure to upgrade!

tags | shell, cgi
SHA-256 | 24a4ed5c6abb15a3bce91a5494875ecada0d11f6a7bde42b93605a2e1bbe0bd7
BWL-00-01.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-01 (Feb 17, 2000) - Search Engines (e.g. AltaVista and InfoSeek) can be used to reveal potential application-level vulnerabilities in indexed web sites. Easily formed queries which incorporate the "signature" of a suspected vulnerability can be used to list the sites which match the signature, that is, which contain the "suspicious" content. In some cases, hundreds of thousands of web sites can be located with one query. Check your site with the Site Checker, available here.

tags | web, vulnerability
SHA-256 | b23b5c9a49d3431454f6f18165fc7b311b2ec51ba209fb0c03bbdb689e5d4cb5
BWL-00-02.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-02 (March 6, 2000) - Weak Token in Mail.Com Application Allows Compromise of Arbitrary User's Data. A mail application used by some free mail services employs a weak security scheme. It assigns session-IDs ("tokens") for logged-in users which allow reading of arbitrary users' messages and private information.

tags | arbitrary
SHA-256 | 7815a9188518f7dca9bb895ee2d46cbe8a4c31d7ce086fa88d7be614939b7586
BWL-00-03.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-03 (March 21, 2000) - Some Infonautics' applications utilize the getdoc.cgi CGI in such a way that allows attackers to gain (read) access to a document they would otherwise have to pay in order to view. Exploit information included.

tags | cgi
SHA-256 | 452d7b13a78df9296b9e59cb7fe9b53a341a3e312bef4a8b78dbb6ff6b070cba
BWL-00-05.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-05 (May 5, 2000) - Gossamer Threads DBMan (db.cgi) allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible. DBMan dumps useful information (e.g. script location, HTTP root, version of Perl, server_admin, server_name, path) to the browser when the database file provided is incorrect. Perl exploit included.

tags | web, cgi, root, perl
SHA-256 | 485c3ed371b4d4908dc15aa1b5897004475b7ec04963a5c0d18aa9f693cc295d
BWL-00-06.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-06 (May 10, 2000) - Environment and Setup Variables can be Viewed through FormMail.cgi Script. The FormMail.cgi script allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible. The script will also happily send mail to an attackers mail account instead for analysis.

tags | cgi
SHA-256 | 135d0a527bf7c613354d24bb5a6f2d074464d55112223f28116ab0b356802998
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close