Is this exploitable?

Unknown · July 2010

http://67.222.38.139/upload/

I was looking around the server which a "friend" hosts his site on, and found this uploader. Wondered if it was secure or not.

Onesan · July 2010

I havnt toyed with the thing yet i can tell you already your "friend" assuming he/she/its a friend, should bust out vi and change the configuration to not announce stuff like

Server: Apache/2.2.15 (CentOS) mod_ssl/2.2.15 0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635

Not that the above info is immediately a danger to his server but quite frankly the world simply doesn't need to know that

Unknown · July 2010

They're really not my friend. It's someone I know, but not anyone I'm friends with. He's just a fag. Thanks for the analysis anyway :P

13579 · July 2010

If by 'exploitable', you mean 'able to have CP uploaded to it via tor', then...Yes. Yes it is.

HTS-Noob · July 2010

da teacha · July 2010

oh kurwa, is this the mod material we'll have to come to expect? Grow up, son.

Pandoras Assassin · July 2010

I submitted some TJ pics.

Fuck the FBI · July 2010

what is that, even? btw I uploaded a pic

Unknown · July 2010

Fuck the FBI wrote: »

what is that, even? btw I uploaded a pic

Basically, the backstory is this....

A guy I know online started up a forum. The hosting ran out, and he got hosted on this guy's server. I put the IP address of the server into my browser, found out it was a dedicated server and found all these directories on it. One of the directories was "upload", which I posted here.

Also, the server is shit-easy to DoS. Doing it with one computer, I crashed the server for at least 20 minutes.

That is all.

Pill Popper · July 2010

Upload the goatse every two minutes

Is this exploitable?

Comments

Quick Links

Categories