Bugtraq mailing list archives

CGIForum 1.0 Vulnerability
From: zorgon <zorgon () LINUXSTART COM>
Date: Mon, 20 Nov 2000 11:38:56 -0500


Date: 2000/11/20
Affected Application: CGIForum 1.0
        Markus Triska
        <triska () gmx at>

CGIForum is a free forum. We can set the 'thesection' parameter to view
files on the vulnerable system with the privileges of the user "nobody".

This is caused by the OutputHTMLFile function in the cgiforum.pl script, where
$section (= $thesection) isn't checked (nor anywhere else in this script).


The author is informed.

zorgon <zorgon () linuxstart com>
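
One way to check a section name before it is used to open a file, as an added example that is not CGIForum's code or part of the original post. The helper name `resolve_section`, the `.html` suffix, the directory layout and the sample inputs are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: map a user-supplied section name to a file under
# $base_dir. Returns the resolved path, or undef if the name is refused.
sub resolve_section {
    my ($base_dir, $section) = @_;
    return unless defined $section;

    # Allowlist a bare name only. \A and \z anchor the whole string, so
    # path separators, '..', NUL bytes and trailing newlines all fail.
    return unless $section =~ /\A[A-Za-z0-9_-]{1,64}\z/;

    my $base = realpath($base_dir);
    return unless defined $base;

    # The ".html" suffix is an assumption about how sections are stored.
    my $candidate = File::Spec->catfile($base, "$section.html");
    return unless -f $candidate;

    # realpath() follows symlinks, so a link inside the section directory
    # that points somewhere else is refused by the prefix check below.
    my $path = realpath($candidate);
    return unless defined $path && index($path, "$base/") == 0;
    return $path;
}

# Constructed demo: one real section file in a temporary directory.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'general.html')) or die "open: $!";
print {$fh} "<p>General discussion</p>\n";
close($fh);

# Constructed inputs: the first should be served, the rest refused.
for my $input ('general', '../general', '/etc/hostname', "general\0", '') {
    my $path = resolve_section($dir, $input);
    (my $shown = $input) =~ s/[^\x20-\x7e]/?/g;   # keep output printable
    printf "%-16s %s\n", "'$shown'", defined $path ? "serve $path" : 'rejected';
}
```
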