A couple NASLs for simple CGI traversals

From: Andrew Hintz (Drew) (mail.drewat_private)
Date: Fri Jan 04 2002 - 09:45:34 PST

Next message: sq: "Re: A couple NASLs for simple CGI traversals"

Previous message: H D Moore: "New Microsoft SQL Server Plugins!"
In reply to: H D Moore: "New Microsoft SQL Server Plugins!"
Next in thread: sq: "Re: A couple NASLs for simple CGI traversals"
Reply: sq: "Re: A couple NASLs for simple CGI traversals"
Reply: Georges Dagousset: "Re: A couple NASLs for simple CGI traversals"
Reply: sq: "Re: A couple NASLs for simple CGI traversals"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here are NASLs for the zml.cgi and the PHP Rocket Add-in directory traversals.

Is there a KB item for the name of the cgi-bin directory?

Also, for directory traversals is there a standard file to check for on Unix boxes?  (In these two nasls I just use /etc/passwd and grep for root: and :0:0: to verify that it's actually /etc/passwd)

-- 
^Drew

http://guh.nu

--Begin PGP Fingerprint--
3C6C F712 0A52 BD33 C518  5798 9014 CA99 2DA0 5E78
--End PGP Fingerprint--

text/plain attachment: zml.cgi_traversal.nasl

text/plain attachment: phprocketaddin_traversal.nasl

Next message: sq: "Re: A couple NASLs for simple CGI traversals"
Previous message: H D Moore: "New Microsoft SQL Server Plugins!"
In reply to: H D Moore: "New Microsoft SQL Server Plugins!"
Next in thread: sq: "Re: A couple NASLs for simple CGI traversals"
Reply: sq: "Re: A couple NASLs for simple CGI traversals"
Reply: Georges Dagousset: "Re: A couple NASLs for simple CGI traversals"
Reply: sq: "Re: A couple NASLs for simple CGI traversals"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 09:39:58 PST