Bugtraq mailing list archives

Re: index.cgi script XSS + file show

From: "D.C. van Moolenbroek" <xanadu () chello nl>
Date: Mon, 25 Apr 2005 22:22:34 +0200

Could you please provide some more specific information regarding the
bugs you have found? For example, a simple google query for
"inurl:index.cgi" yields over two million results, and I seriously doubt
that those are all vulnerable - which product(s) are we talking about
here, and which version(s)? This information would greatly enhance the
ability of those who are either writing or using the vulnerable
software, to deal with the problem..

Kind regards,
David van Moolenbroek

"fireboy fireboy" wrote:



Tunis 24/04/2005
BUG found by fireboy
fireboy () webmails com



THERE ARE SOME BUGS IN index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES

IN A SYSTEM


IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE



1)file showing
http://www.target.com/index.cgi?/etc/passwd


2)CSS

http://www.target.com/index.cgi?&lt;script&gt;alert(document.cookie)&lt;
/script&gt;



greetz to all magattack members www.magattack.tk

Current thread:

index.cgi script XSS + file show fireboy fireboy (Apr 25)
- Re: index.cgi script XSS + file show D.C. van Moolenbroek (Apr 25)