Bugtraq mailing list archives
Re: MondoSearch show the source of all files
From: Orp 664 <orp644 () yahoo com>
Date: 19 Oct 2002 08:10:44 -0000
In-Reply-To: <20021010180935.14148.qmail () mail securityfocus com>
Date: 10 Oct 2002 18:09:35 -0000
Message-ID: <20021010180935.14148.qmail () mail securityfocus com>
From: thefastkid <thefastkid () ziplip com>
To: bugtraq () securityfocus com
Subject: MondoSearch show the source of all files
Although Mondosoft was not notified prior to the posting, Mondosoft has reacted quickly and has remedied the situation within 24 hours, by which time all Mondosoft customers were notified. See the following:

Secure your site without updating: http://www.mondosoft.com/security-info.asp
Obtaining an update: http://www.mondosoft.com/security-update.asp

MondoSearch show the source of all files
--------------------------------------------

Affected Program: MondoSearch 4.4 (possibly earlier versions too, but not tested)
Vendor: http://www.mondosoft.com
Vendor Status: not informed yet
Discovery Date: 10 oct 2002

Problem
-------
You can see the source of the files that are in the same directory and subdirectories

Example
-------
http://www.foo/cgi-bin2/MsmMask.exe?mask=/foo.asp
..to see the source of foo.asp in the root dir

Solutions
---------
* The program has to check if it is a real .cfg file
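
One way to implement the check the advisory asks for, shown as an added example (this is not MondoSearch code and not from either poster). The function name `resolve_mask`, the dedicated `masks/` directory and the sample file names are assumptions; the example goes slightly beyond the extension check by also confining the resolved path to that directory, since an extension test alone would still serve any .cfg file on the site.

```python
import os
import tempfile

ALLOWED_EXT = ".cfg"  # the advisory's suggested check: only real .cfg files


def resolve_mask(mask, mask_dir):
    """Return the real path of a mask file, or None if the request is refused.

    mask     -- raw value of the ?mask= query parameter
    mask_dir -- hypothetical directory holding the .cfg mask files
    """
    if not mask or "\x00" in mask:
        return None
    # Treat the value as relative to mask_dir, never to the web root.
    relative = mask.replace("\\", "/").lstrip("/")
    base = os.path.realpath(mask_dir)
    candidate = os.path.realpath(os.path.join(base, relative))
    # Containment: after resolving ".." and symlinks, stay under mask_dir.
    if os.path.commonpath([base, candidate]) != base:
        return None
    # Extension is checked on the resolved name, case-insensitively.
    if os.path.splitext(candidate)[1].lower() != ALLOWED_EXT:
        return None
    # "Real" file: it must exist and be a regular file.
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo():
    """Build a constructed site layout and run sample requests against it."""
    root = os.path.realpath(tempfile.mkdtemp())
    mask_dir = os.path.join(root, "masks")
    os.makedirs(mask_dir)
    for path in (os.path.join(root, "foo.asp"), os.path.join(mask_dir, "default.cfg")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    requests = ["/foo.asp", "default.cfg", "../foo.asp", "default.cfg/../../foo.asp", "missing.cfg"]
    return {m: resolve_mask(m, mask_dir) is not None for m in requests}


if __name__ == "__main__":
    for mask, allowed in demo().items():
        print(f"{mask!r:32} -> {'served' if allowed else 'refused'}")
```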