Date: Tue Aug 31 2010 - 15:42:21 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Thought I'd share this...found an LFI on gawker which is on the
same server as Kotaku and other sites part of their 'network'
^ works for gawker as well, just replace the name
Full source code of the offending page http://pastebin.com/eWuExuke
newline characters are stripped out however...
This was the original 'LFI' I used to get the source code
It seems to be fixed today though. But the other LFI above still
AFAIK it's not exploitable beyond the obvious information
disclosures, as they don't allow read access to logfiles, and
/proc/self/environ is unreadable. Still amusing to find this on
-----BEGIN PGP SIGNATURE-----
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/