mailing list archives
More problems with Auction Weaver & CGI Script Center.
From: teleh0r - <teleh0r () DOGLOVER COM>
Date: Fri, 1 Sep 2000 09:36:21 -0400
There seem to be a misunderstanding about the
exploit I wrote for Auction Weaver 1.2. It appears
that quite a few believed that that was a exploit for
the problem found by Meliksah Ozoral.
My exploit has nothing to do with that problem, except
that is exploits the same script ;) The one I wrote,
exploits a unsecure open(...) in the script, which allows
a user to execute commands under the uid of the http daemon.
So, to all users of Auction Weaver 1.2, you are far from secure yet,
I just hope CGI Script Center as fixed this one as well.
I am sorry for not expressing myself clearer.
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup
- More problems with Auction Weaver & CGI Script Center. teleh0r - (Sep 01)