Bugtraq mailing list archives
[Ksecurity Advisory] main.cgi in technote
From: Ksecurity <ksecurity () ILAND CO KR>
Date: Wed, 27 Dec 2000 14:27:53 -0000
Ksecurity Advisory subject: Insecure input validation in technote main.cgi affected version:technote 2000 maybe technote 2001 technote is a famous korea cgi board. http://www.technote.co.kr in main.cgi ,failed properly validate user input which arguments a call to open(). FREE_BOARD is a default db http://localhost/technote/main.cgi/oops? board=FREE_BOARD&command= down_load&filename=/../../../main.cgi vendor status reported bug to e-mail In OpenBSD land, the pain is quick, at least. -- Theo de Raadt ;) regards Ksecurity(korea security group)
Current thread:
- [Ksecurity Advisory] main.cgi in technote Ksecurity (Dec 27)