Bugtraq mailing list archives
Pollit CGI-script opens doors!
From: biohazardhq () YAHOO COM (The Warlock)
Date: Tue, 11 Jul 2000 11:03:24 +0200
Description: Bug in Poll_It_SSI_v2.0.cgi reveals info. Compromise: Accessing files that arn't in the web-dir. Vulnerable Systems: Pollit v2.0 (only tested version). Details: When you run the Pollit CGI script ALL your world readable files could be accessed by any web user, for example your /etc/passwd file could be opened to get valid usernames and maybe passwords. How to exploit this bug? Simply request http://www.targethost.com/pollit/Poll_It_v2.0.cgi?data_dir=\etc\passwd%00 and the passwd file is presented in your browser. Files that are world readable could be accessed. Solution: I'am not aware of any solution probably debuging or removeing the script is the best solution. BR, Jan van de Rijt aka The Warlock. -------------------------------------------------- visit The BioHazard HQ, http://go.to/biohazardhq Tools, RFC's, Rainbow-books, Virii and more. --------------------------------------------------
Current thread:
- Pollit CGI-script opens doors! The Warlock (Jul 11)
- Logdaemon ftpd and setproctitle() Wietse Venema (Jul 10)
- Re: Pollit CGI-script opens doors! jerry (Jul 11)
- REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER Eric Hines (Jul 11)
- Re: REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER Andrew L . Davis (Jul 11)
- Updated - Microsoft Security Bulletin (MS00-041) Microsoft Product Security (Jul 12)
- Netscape SmartDownload reports file information to AOL John L. Morello (Jul 12)
- RSA Aceserver UDP Flood Vulnerability Gwendolynn ferch Elydyr (Jul 12)
- ftp.pl vulnerability zillion @ safemode (Jul 12)
- ISC DHCP client v2 hole fixed...or not? Pavel Kankovsky (Jul 12)
- cvsweb: remote shell for cvs committers Joey Hess (Jul 12)
(Thread continues...)