Bugtraq mailing list archives
Minor bug in Pagelog.cgi
From: Mark Stratman <mstrat1 () UIC EDU>
Date: Sun, 29 Oct 2000 05:25:08 -0600
There is a small bug in PAGELOG.cgi by Metertek (Metertek () yahoo com) which allows users to create and view files. Any file on the system with a '.log' extension readable by the uid/gid of the webserver can be viewed. In addition, two files with extensions of '.txt' and '.log' can be created in any directory on the system that is writable by the web server. This bug lies in the failure of the script to check for directory traversal. Proofs of concept: Viewing '.log' file: Create a file 'a.log' in tmp. http://server/cgi-bin/pagelog.cgi?display=../../../../tmp/a This will let you view a.log Creating files: http://server/cgi-bin/pagelog.cgi?name=../../../../../tmp/blah This will create blah.txt and blah.log in /tmp/ The script can be found at http://members.nbci.com/metertek/archive/ cheers. Mark Stratman (count0) (mstrat1 () uic edu) http://sporkstorms.org
Current thread:
- Minor bug in Pagelog.cgi Mark Stratman (Oct 30)
- Re: Minor bug in Pagelog.cgi HT Regz (Oct 31)