rejetto forum

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - xpl01t

Pages: 1 2
Thanks for your report, by the way this vulnerability was already fixed in the last version

What do you mean with unlock? password protected? if so make sure that who download file send the correct basic auth headers

Bug reports / Re: CVE-2014-6287: Remote Code Execution in HFS 2.3
« on: October 06, 2014, 12:32:46 PM »
Hi mubix i'm Daniele Linguaglossa, rejetto was already informed about this and this vulnerability is fixed in 2.3c version,anyway thanks for your support


HFS ~ HTTP File Server / HFS 2.3d coming soon
« on: September 30, 2014, 06:52:14 PM »
A new release of HFS (version 2.3d) will come as soon as possible it will fix a new critical flaw , so all users are invited to upgrade their version when it will be available.


Daniele Linguaglossa

HFS ~ HTTP File Server / Re: Hacker?
« on: September 26, 2014, 02:04:49 PM »
This is an hacking attempt update your version to 2.3c

HFS ~ HTTP File Server / Re: Improving security
« on: September 14, 2014, 05:29:10 PM »
I'm pleased to work with you regarding fixing these security flaws and help hfs project to become a better tool, definitely risks-free  ;D

HFS ~ HTTP File Server / Re: New version: 2.3b
« on: September 11, 2014, 07:38:44 AM »
These exploits can be applied to any 2.3x server and they are considered "level critical" an important patch will come soon

HFS ~ HTTP File Server / Re: New version: 2.3b
« on: September 09, 2014, 12:29:51 PM »
E' molto semplice io ho fatto una richesta per avere un cve id univoco , dal momento che tu non l'hai mai chiesto per il tuo programma in quanto non usi bugtraq , loro hanno bisogno di verificare l'id col tuo prodotto quindi ad un certo punto ti metterò in copia nelle mail e dovrai semplicemente confermare la richesta dell'id dicendo che ti ho comunicato la vulnerabilità , ovviamente prima di renderla public ti aiuterò a fixarla.Una volta ricevuto l'id ci sarà un ente certificatore che esaminerà la vulnerabilità per renderla elegibile se mi va bene la pubblicano, io guadagno un CVE a mio nome e tu una vulnerabilità in meno in oltre tutti gli utenti ne verranno a conoscenza essendo public e certificata e faranno l'upgrade del tuo prodotto.

Fammi sapere se ti sta bene

HFS ~ HTTP File Server / Re: New version: 2.3b
« on: September 08, 2014, 11:10:11 PM »
rejetto ascoltami se tu dai una mano a me io do una mano a te vorrei fai diventare la vulnerabilità un cve ma serve il tuo consenso una volta rilasciata ti spiego come fixarla

HFS ~ HTTP File Server / Re: New version: 2.3b
« on: September 07, 2014, 08:35:07 AM »
Sai qual'è il fatto..ho visto almeno 10 post che parlano di strani comportamenti ma nessuno si è fermato a capire il perché di questi comportamenti.

HFS ~ HTTP File Server / Re: New version: 2.3b
« on: August 26, 2014, 11:46:04 PM »
bmartino1 i appreciate your effort in doing this but you're totally wrong there's no hfs framework nor hfs terminal , the framework you saw is an exploitation framework made by me with all useful stuff and scripting calling convention is just my preference everything you saw in video is self made i never looked into hfs source I don't need it...

HFS ~ HTTP File Server / Re: New version: 2.3b
« on: August 26, 2014, 01:56:07 PM »
I think it's time to take a better look  ;) it's becoming a really bad exploit

HFS ~ HTTP File Server / Re: New version: 2.3b
« on: August 25, 2014, 04:12:31 PM »

I'm the author so stop posting bullshits:) and i don't want share it i defaced many sites with different names (godness_god , DZONE, MUMMY and many more) script is private and i'm still finishing it with new features .. rejetto review your code this is enough


Pages: 1 2