rejetto forum

New version: 2.3b


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13510
    • View Profile
download @ http://www.rejetto.com/hfs/download

what's new
  Security fixes


In detail:
- fixed default template for serious security flaws
- fixed possible discovery of server paths
- fixed "bind root to real folder"
- fixed {.load tpl.} not applying to some pages http://www.rejetto.com/forum/html-templates/multiple-templates-based-on-browser/msg1058862/#msg1058862
- fixed {.filename.} and {.filepath.} to work with backslashes


Offline rejetto
BE CAREFUL: everyone who customized the default template the raw way, by editing it, is not safe even after updating.
The security problems were in the template, so you need to use the updated one.
When you edit the template, you stop getting updates.
The correct way to make changes is to use the diff template feature, so as to apply changes while leaving the original template untouched.
If you are not sure, reset your template and redo the changes you need: better safe than sorry.
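Added example (not part of the original post, and not HFS's own code) illustrating the advice above: a small Python script that parses two copies of a template into sections, reports which sections a local edit touched, and emits only those sections as a diff template, so the shipped template can be reset and still receive fixes. It assumes the template is a plain text file whose sections begin with a `[name]` header line and that a diff template uses the same section syntax to override same-named sections. The two template texts below are constructed stand-ins, not the real hfs.tpl. The root section (text before the first header) is only reported as needing manual porting, because this example makes no assumption about how HFS treats a headerless body in a diff template.

```python
import re
from typing import Dict, List

# Constructed sample templates: illustrative stand-ins, NOT the real hfs.tpl.
# SHIPPED_TPL plays the role of the updated default; EDITED_TPL is a copy a
# user modified "the raw way" (root page and [style] changed, rest untouched).
SHIPPED_TPL = """\
<html><body>{.$files.}</body></html>
[style]
body { font-family: sans-serif }
[file]
<a href="%item-url%">%item-name%</a>
[not found]
<h1>Not found</h1>
"""

EDITED_TPL = """\
<html><body><h1>My server</h1>{.$files.}</body></html>
[style]
body { font-family: sans-serif; background: #eee }
[file]
<a href="%item-url%">%item-name%</a>
[not found]
<h1>Not found</h1>
"""

# Assumption: a section header is a line consisting only of "[name]".
# Simplification: a body line that happens to be wrapped in [ ] (for
# example a JSON array literal on its own line) would also be treated as a
# header by this regex.
SECTION_RE = re.compile(r"^\[(.+)\]\s*$")


def parse_sections(tpl: str) -> Dict[str, str]:
    """Split a template into {section_name: body}.

    Text before the first [header] is the root (main page) section and is
    stored under the empty-string key.
    """
    sections: Dict[str, List[str]] = {"": []}
    current = ""
    for line in tpl.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return {name: "\n".join(body).strip("\n") for name, body in sections.items()}


def changed_sections(shipped: str, edited: str) -> List[str]:
    """Names of sections whose body differs between the two templates,
    plus sections that exist only in the edited copy."""
    a, b = parse_sections(shipped), parse_sections(edited)
    return sorted(name for name in b if a.get(name) != b[name])


def root_section_changed(shipped: str, edited: str) -> bool:
    """True when the headerless main-page body was edited."""
    return parse_sections(shipped)[""] != parse_sections(edited)[""]


def make_diff_template(shipped: str, edited: str) -> str:
    """Emit the edited, named sections as a diff template.

    Assumption: a section written as "[name]" in the diff template replaces
    the same-named section of the main template. The root section is
    deliberately skipped (see root_section_changed) because this example
    does not assume how a headerless body in a diff template is handled.
    """
    b = parse_sections(edited)
    out: List[str] = []
    for name in changed_sections(shipped, edited):
        if name == "":
            continue
        out.append(f"[{name}]")
        out.append(b[name])
    return ("\n".join(out) + "\n") if out else ""


if __name__ == "__main__":
    print("changed sections:", changed_sections(SHIPPED_TPL, EDITED_TPL))
    if root_section_changed(SHIPPED_TPL, EDITED_TPL):
        print("root section was edited: port it by hand")
    print("--- diff template ---")
    print(make_diff_template(SHIPPED_TPL, EDITED_TPL), end="")
```

Run it against your own shipped and edited copies (read them from disk in place of the constructed strings); the printed diff template contains only the sections you actually changed, which is what you carry over after resetting the main template.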


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 910
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Can you post the new hfs.tpl file for download?
NVM:

See attachment.
« Last Edit: August 25, 2014, 03:18:15 PM by bmartino1 »
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing



Offline bmartino1
Lolz.. Really!...

:)

Well, rejetto, I think it's time to:
Code-Lock:

http://download.cnet.com/Code-Lock/3000-2216_4-10071448.html

-----
Actually it's quite interesting code behind it...

Assumed to be using .NET framework debug utilities... / Python code he created...


Starts by opening the HFS framework terminal...

Opening up the framework side of the HFS program, i.e. the console terminal that runs the HFS code:

Using commands:
With scripted programs he created and/or framework debug code to enter into and use:
In a Python code terminal window:

use frmwrk/froesencisc/stoplog

Supplying the IP address of the machine running HFS
and the port HTTP is running on

--- to stop logging... (so you can't track it back down) ---

use frmwrk/exploits/deface

Supplying the IP address of the machine running HFS
and the port HTTP is running on
Then the text info, i.e. the name...

-- Then to deface its HTTP side and replace it with a new outgoing text page..
with an overline...
(using secondary scripts) - unknown
----

« Last Edit: August 26, 2014, 02:49:20 AM by bmartino1 »


Offline xpl01t

  • Occasional poster
  • *
    • Posts: 16
    • View Profile
I think it's time to take a better look ;) It's becoming a really bad exploit: http://youtu.be/1vV2V7ePxp8


Offline xpl01t
bmartino1, I appreciate your effort in doing this, but you're totally wrong: there's no HFS framework nor HFS terminal. The framework you saw is an exploitation framework made by me with all the useful stuff, and the scripting calling convention is just my preference. Everything you saw in the video is self-made; I never looked into the HFS source, I don't need it...


Offline rejetto
Daniele, at first I thought you were going to help.
I'm sorry to disappoint you, but I don't have time for this game. I made HFS when I was a student. Now I work all day and barely find the time to shop for milk and bread. Only 1% of my time is programming on HFS; the rest is giving support, helping the users.
I already did my best in the little time I snatched last weekend. That's it. Good luck.


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 842
  • Status: On hiatus (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
I think he wants to build a reputation as a hacker, so in that case he should be sending the exploit to exploit-db.com. If he doesn't upload the exploit there, it means this is all a fake and this exploit doesn't really exist. Period.
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile
Hi boss!

Good news... good release! ;)


But I can't find the 2.3b Build #290 source code. :'(


Offline rejetto
Sorry, I need to update my automatic publication procedure so that it pushes the sources as well.
I hope to do it soon, but these days are harder: a person left the office 2 months ago, I inherited his workload and we haven't found another yet.


Offline LeoNeeson
But I can't find the 2.3b Build #290 source code. :'(
That's right, thanks for bringing it up. I didn't say anything before, so as not to bother him. :-[ But it's true: in the 'Download' section, it links to 'hfs2.3b_290.src.zip' on SourceForge.net, but there isn't any file for v2.3b Build #290.

Sorry, I need to update my automatic publication procedure so that it pushes the sources as well. I hope to do it soon, but these days are harder: a person left the office 2 months ago, I inherited his workload and we haven't found another yet.
I do understand you, there is no hurry. ;) I think you could at least upload your sources directly to the melauto.it or webfactional.com hosts (the same hosting you use for your executables), instead of using sourceforge.net at all. Maybe it's easier for you. I'm just thinking out loud...

Anyway, I wish you all the best Rejetto, you are doing a great job, even when some people don't want to collaborate (**cough**daniele*cough**)....


Offline xpl01t
You know what the thing is... I've seen at least 10 posts talking about strange behaviours, but nobody stopped to understand why those behaviours happen.


Offline rejetto
I don't know what you're referring to. Can you link me one so I can understand?


Offline xpl01t
rejetto, listen to me: if you help me, I'll help you. I'd like to turn the vulnerability into a CVE, but I need your consent. Once it's released, I'll explain to you how to fix it.