Bugtraq mailing list archives

[Ksecurity Advisory] main.cgi in technote


From: Ksecurity <ksecurity () ILAND CO KR>
Date: Wed, 27 Dec 2000 14:27:53 -0000

Ksecurity Advisory

Subject: Insecure input validation in technote main.cgi
Affected version: technote 2000, maybe technote 2001


technote is a famous Korean CGI board.

http://www.technote.co.kr

main.cgi fails to properly validate user input that is
used as an argument in a call to open().

FREE_BOARD is a default db

http://localhost/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi


Vendor status: bug reported by e-mail.



In OpenBSD land, the pain is quick, at least.
                                             -- Theo de Raadt ;)

regards
Ksecurity (Korea security group)
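
The flaw reported above is a request parameter reaching open() without validation. The Python below is an added example, not technote's code and not part of the advisory: it contrasts an assumed unchecked path join with a hardened resolver for a download handler. The directory layout, file names and function names are constructed for illustration; only the filename value comes from the advisory's URL.

```python
import os
import tempfile

ADVISORY_FILENAME = "/../../../main.cgi"  # filename value from the advisory's URL


def naive_path(upload_dir, filename):
    # Assumed flawed pattern: request value appended to the directory unchecked.
    return os.path.normpath(upload_dir + "/" + filename)


def safe_path(upload_dir, filename):
    """Return the real path of a regular file directly inside upload_dir, else None."""
    # 1. Accept a bare file name only: no separators, no NUL, no dot entries.
    if not filename or filename in (".", "..") or "\x00" in filename:
        return None
    if "/" in filename or "\\" in filename:
        return None
    # 2. Resolve symlinks, then confirm the result is still under the root.
    root = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed layout and compare both resolvers on it."""
    with tempfile.TemporaryDirectory() as top:
        script = os.path.join(top, "main.cgi")
        upload_dir = os.path.join(top, "board", "FREE_BOARD", "upfile")
        os.makedirs(upload_dir)
        for path, text in ((script, "#!script source\n"),
                           (os.path.join(upload_dir, "notes.txt"), "attachment\n")):
            with open(path, "w") as fh:
                fh.write(text)
        # A symlink inside the upload directory that points outside it.
        os.symlink(script, os.path.join(upload_dir, "link.txt"))
        return {
            "naive_reaches_script": naive_path(upload_dir, ADVISORY_FILENAME) == script,
            "safe_rejects_advisory_value": safe_path(upload_dir, ADVISORY_FILENAME) is None,
            "safe_rejects_symlink": safe_path(upload_dir, "link.txt") is None,
            "safe_serves_attachment": safe_path(upload_dir, "notes.txt")
            == os.path.realpath(os.path.join(upload_dir, "notes.txt")),
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)
```

The separator check alone stops the advisory's value; the realpath containment check covers the case where a link inside the upload directory points elsewhere.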

