Home page logo

bugtraq logo Bugtraq mailing list archives

More problems with Auction Weaver & CGI Script Center.
From: teleh0r - <teleh0r () DOGLOVER COM>
Date: Fri, 1 Sep 2000 09:36:21 -0400

There seem to be a misunderstanding about the
exploit I wrote for Auction Weaver 1.2. It appears
that quite a few believed that that was a exploit for
the problem found by Meliksah Ozoral.

My exploit has nothing to do with that problem, except
that is exploits the same script ;) The one I wrote,
exploits a unsecure open(...) in the script, which allows
a user to execute commands under the uid of the http daemon.

So, to all users of Auction Weaver 1.2, you are far from secure yet,
I just hope CGI Script Center as fixed this one as well.

I am sorry for not expressing myself clearer.

Sincerely yours,

FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]