cgi-script directorypro.cgi is vulnerable to a directory traversal. http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/motd%00 I didn't looked at the source of the script but it is probably a script wat normally puts an extension to the requested file. But bij putting the %00 (NULL) character at the end of your request you can bypass this. The extension will be appended but the string is read till a NULL character is found, so before the extension. Didn't find any report of this bug on securityfocus and google. And didn't inform vendor because i don't know who it is =) Greetings marshal (la~onda) -- [ url : http://www.startplaza.nu | security news & links ] [ url : http://www.heknet.com | security news & exploits ]
This archive was generated by hypermail 2b30 : Mon May 28 2001 - 11:55:29 PDT