Bugtraq mailing list archives

ROADS search system "show files" Vulnerability with "null byte" bug


From: UkR-XblP <cuctema () OK RU>
Date: Mon, 12 Feb 2001 17:17:07 +0300

Name: ROADS search system "show files" Vulnerability with
"null byte" bug
Date: 29.01.2001
About: The search.pl program is a Common Gateway Interface
(CGI) program used to provide an end user search front end
to ROADS databases. When accessed with no CGI query, the
program can return an HTML form to the user to fill in to
make a query. This form can be designed by the SBIG
Administrator and can include a number of options. The
default form for this installation is held in the search
directory under the ROADS config directory by
http://www.roads.lut.ac.uk
Problem: Through this bug you can see any files; the bug works
on every system where Perl is installed. "%00" means the hex
symbol of the end of the line, used in C, C++ and Perl.
Author: UkR-XblP
Exploit: http://www.victim.com/ROADS/cgi-bin/search.pl?form=url_to_any_file%00
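
A detection sketch for the request pattern in the message above, added here as an example and not part of the original post or of ROADS: it scans web-server access-log lines for search.pl requests whose form parameter decodes to a NUL byte, decoding repeatedly so that values percent-encoded more than once are normalised too. The Common Log Format input, the sample entries and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Request line inside a Common/Combined Log Format entry: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to normalise repeated percent-encoding


def form_values(target):
    """Yield raw (still percent-encoded) values of form= in a search.pl request."""
    path, _, query = target.partition("?")
    if not path.endswith("/search.pl"):
        return
    for pair in re.split(r"[&;]", query):
        name, _, value = pair.partition("=")
        if unquote_to_bytes(name) == b"form":
            yield value


def has_nul(raw_value):
    """True if the value holds a NUL byte after up to MAX_DECODE_ROUNDS decodes."""
    data = raw_value.encode("ascii", "replace")
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_to_bytes(data)
        if b"\x00" in decoded:
            return True
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return False


def suspicious_lines(log_lines):
    """Return the log lines whose search.pl form= parameter carries a NUL byte."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and any(has_nul(v) for v in form_values(m.group(1))):
            hits.append(line)
    return hits


# Constructed sample entries (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2001:17:20:01 +0300] "GET /ROADS/cgi-bin/search.pl HTTP/1.0" 200 1843',
    '192.0.2.10 - - [12/Feb/2001:17:20:09 +0300] "GET /ROADS/cgi-bin/search.pl?form=url_to_any_file%00 HTTP/1.0" 200 512',
    '192.0.2.11 - - [12/Feb/2001:17:21:30 +0300] "GET /ROADS/cgi-bin/search.pl?form=url_to_any_file%2500 HTTP/1.0" 200 512',
    '192.0.2.12 - - [12/Feb/2001:17:22:02 +0300] "GET /ROADS/cgi-bin/other.pl?form=x%00 HTTP/1.0" 404 210',
]
```

Calling `suspicious_lines(SAMPLE_LOG)` returns the second and third entries; the last one is ignored because it does not target search.pl.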

