Bugtraq mailing list archives
Re: Pollit CGI-script opens doors!
From: thegnome () NMRC ORG (Simple Nomad)
Date: Tue, 11 Jul 2000 13:21:13 -0500
It should be noted that the Poll_It_v2.0.cgi suffers from the same problem as Poll_It_SSI_v2.0.cgi. The fix is similar: move line 77 (%in = &ReadForm;) to line 66. Poll_It_v2.0.cgi is in the same distro as Poll_It_SSI_v2.0.cgi.

- Simple Nomad - No rest for the Wicca'd -
- thegnome () nmrc org - www.nmrc.org -
- thegnome () razor bindview com - razor.bindview.com -

On Tue, 11 Jul 2000, Max Vision wrote:
> This was already reported to Bugtraq by Adrian Daminato on July 6th.
> http://www.securityfocus.com/bid/1431
>
> On Tue, 11 Jul 2000, The Warlock wrote:
>> Description: Bug in Poll_It_SSI_v2.0.cgi reveals info.
>> Compromise: Accessing files that aren't in the web-dir.
>> Vulnerable Systems: Pollit v2.0 (only tested version).
>>
>> Details:
>> When you run the Pollit CGI script ALL your world readable files could be accessed by any web user, for example your /etc/passwd file could be opened to get valid usernames and maybe passwords.
>>
>> How to exploit this bug?
>> Simply request http://www.targethost.com/pollit/Poll_It_v2.0.cgi?data_dir=\etc\passwd%00 and the passwd file is presented in your browser. Files that are world readable could be accessed.
>>
>> Solution:
>> I am not aware of any solution; probably debugging or removing the script is the best solution.
>>
>> BR,
>> Jan van de Rijt aka The Warlock.
>>
>> --------------------------------------------------
>> visit The BioHazard HQ, http://go.to/biohazardhq
>> Tools, RFC's, Rainbow-books, Virii and more.
>> --------------------------------------------------
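
A defender-side check for the request described in this thread, added here as an example and not part of any of the original posts: it scans web access logs for requests that hand a data_dir parameter to either Poll It script and notes whether the value carries a null byte. The Common Log Format layout, the function name `scan` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = r'''
192.0.2.10 - - [11/Jul/2000:13:02:11 -0500] "GET /pollit/Poll_It_v2.0.cgi HTTP/1.0" 200 2310
192.0.2.44 - - [11/Jul/2000:13:05:42 -0500] "GET /pollit/Poll_It_v2.0.cgi?data_dir=\etc\passwd%00 HTTP/1.0" 200 1187
192.0.2.44 - - [11/Jul/2000:13:06:03 -0500] "GET /cgi-bin/Poll_It_SSI_v2.0.cgi?data_dir=%2Fetc%2Fpasswd%00 HTTP/1.0" 200 1187
192.0.2.77 - - [11/Jul/2000:13:09:30 -0500] "POST /pollit/Poll_It_v2.0.cgi?vote=2 HTTP/1.0" 200 2298
192.0.2.90 - - [11/Jul/2000:13:11:18 -0500] "GET /index.html?data_dir=x HTTP/1.0" 200 512
'''

# client, method, request target and status code from one log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Both scripts named in the thread
SCRIPT_RE = re.compile(r'/Poll_It(_SSI)?_v2\.0\.cgi$', re.IGNORECASE)

def scan(log_text):
    """Return one finding per request that passes data_dir to a Poll It script."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unparseable line
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not SCRIPT_RE.search(url.path):
            continue
        # parse_qsl percent-decodes names and values, so %00 becomes "\x00".
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # Lower-casing the name is a conservative choice, not page-derived.
            if name.lower() == "data_dir":
                findings.append({
                    "client": client,
                    "script": url.path,
                    "value": value.replace("\x00", "\\0"),  # printable form
                    "null_byte": "\x00" in value,
                    "served": status == "200",
                })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any hit with `served` set means the script answered the request, so the file named in `value` should be treated as disclosed.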