Bugtraq mailing list archives
Perception LiteServe MS-DOS filename vulnerability
From: Wizdumb <wizdumb () unix za net>
Date: Mon, 25 Jun 2001 09:30:20 +0200 (SAST)
Perception LiteServe <http://www.cmfperception.com/liteserve.html> is a Web, FTP and e-Mail server for Win*. When GET requests are made to LiteServe's webserver with the name of the cgi-bin directory as a MS-DOS directory name (eg. cgi-shizznitch=CGI-SH~1 and cgi-bin=CGI-BIN), LiteServe will read the script instead of executing it. The vendor has been informed, and a fixed version (v1.28) is now available on Perception's website. Thanks to Chris Fillion for his prompt response. Cheers, Andrew Lewis --- wizdumb () leet org http://www.mdma.za.net/fk
Current thread:
- Perception LiteServe MS-DOS filename vulnerability Wizdumb (Jun 25)