Messages

1

HFS ~ HTTP File Server / Re: Rejetto HTTP File Server (HFS) search feature fails to handle null bytes

« on: November 05, 2014, 03:26:45 PM »

Thanks for your report, by the way this vulnerability was already fixed in the last version

2

HFS ~ HTTP File Server / Re: Logging Into A HFS Hosted Website On A Home Console's Web Browser?

« on: October 13, 2014, 11:36:36 AM »

What do you mean with unlock? password protected? if so make sure that who download file send the correct basic auth headers

3

Bug reports / Re: CVE-2014-6287: Remote Code Execution in HFS 2.3

« on: October 06, 2014, 12:32:46 PM »

Hi mubix i'm Daniele Linguaglossa, rejetto was already informed about this and this vulnerability is fixed in 2.3c version,anyway thanks for your support

Cheers

4

HFS ~ HTTP File Server / HFS 2.3d coming soon

« on: September 30, 2014, 06:52:14 PM »

A new release of HFS (version 2.3d) will come as soon as possible it will fix a new critical flaw , so all users are invited to upgrade their version when it will be available.

Thanks

Daniele Linguaglossa

5

HFS ~ HTTP File Server / Re: Hacker?

« on: September 26, 2014, 02:04:49 PM »

This is an hacking attempt update your version to 2.3c

6

HFS ~ HTTP File Server / Re: Improving security

« on: September 14, 2014, 05:29:10 PM »

I'm pleased to work with you regarding fixing these security flaws and help hfs project to become a better tool, definitely risks-free 

7

HFS ~ HTTP File Server / Re: New version: 2.3b

« on: September 11, 2014, 07:38:44 AM »

These exploits can be applied to any 2.3x server and they are considered "level critical" an important patch will come soon

8

HFS ~ HTTP File Server / Re: New version: 2.3b

« on: September 09, 2014, 12:29:51 PM »

E' molto semplice io ho fatto una richesta per avere un cve id univoco , dal momento che tu non l'hai mai chiesto per il tuo programma in quanto non usi bugtraq , loro hanno bisogno di verificare l'id col tuo prodotto quindi ad un certo punto ti metterò in copia nelle mail e dovrai semplicemente confermare la richesta dell'id dicendo che ti ho comunicato la vulnerabilità , ovviamente prima di renderla public ti aiuterò a fixarla.Una volta ricevuto l'id ci sarà un ente certificatore che esaminerà la vulnerabilità per renderla elegibile se mi va bene la pubblicano, io guadagno un CVE a mio nome e tu una vulnerabilità in meno in oltre tutti gli utenti ne verranno a conoscenza essendo public e certificata e faranno l'upgrade del tuo prodotto.

Fammi sapere se ti sta bene

9

HFS ~ HTTP File Server / Re: New version: 2.3b

« on: September 08, 2014, 11:10:11 PM »

rejetto ascoltami se tu dai una mano a me io do una mano a te vorrei fai diventare la vulnerabilità un cve ma serve il tuo consenso una volta rilasciata ti spiego come fixarla

10

HFS ~ HTTP File Server / Re: New version: 2.3b

« on: September 07, 2014, 08:35:07 AM »

Sai qual'è il fatto..ho visto almeno 10 post che parlano di strani comportamenti ma nessuno si è fermato a capire il perché di questi comportamenti.

11

HFS ~ HTTP File Server / Re: New version: 2.3b

« on: August 26, 2014, 11:46:04 PM »

bmartino1 i appreciate your effort in doing this but you're totally wrong there's no hfs framework nor hfs terminal , the framework you saw is an exploitation framework made by me with all useful stuff and scripting calling convention is just my preference everything you saw in video is self made i never looked into hfs source I don't need it...

12

HFS ~ HTTP File Server / Re: New version: 2.3b

« on: August 26, 2014, 01:56:07 PM »

I think it's time to take a better look  it's becoming a really bad exploit http://youtu.be/1vV2V7ePxp8

13

HFS ~ HTTP File Server / Re: New version: 2.3b

« on: August 25, 2014, 04:12:31 PM »

Check this it's a kind of help anyway

https://www.youtube.com/watch?v=lKPrLTpAatw&feature=youtu.be

14

HFS ~ HTTP File Server / Re: [HFS 2.3a] 0Day Vulnerability discovered by me!

« on: August 18, 2014, 04:00:19 PM »

I'm the author so stop posting bullshits:) and i don't want share it i defaced many sites with different names (godness_god , DZONE, MUMMY and many more) script is private and i'm still finishing it with new features .. rejetto review your code this is enough

15

HFS ~ HTTP File Server / Re: [HFS 2.3a] 0Day Vulnerability discovered by me!

« on: August 05, 2014, 10:48:39 PM »

closed.