Home page logo
/

bugtraq logo Bugtraq mailing list archives

directorypro.cgi , directory traversal
From: Marshal <marshal () marshal-soft com>
Date: Tue, 27 May 1980 13:22:21 +0200

cgi-script directorypro.cgi is vulnerable to a directory traversal.

http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/motd%00

I didn't looked at the source of the script but it is probably a script
wat normally puts an extension to the requested file.
But bij putting the %00 (NULL) character at the end of your request you
can
bypass this. The extension will be appended but the string is read till
a
NULL character is found, so before the extension.

Didn't find any report of this bug on securityfocus and google.
And didn't inform vendor because i don't know who it is =)

Greetings

marshal (la~onda)
-- 
[ url  : http://www.startplaza.nu | security news & links    ]
[ url  : http://www.heknet.com    | security news & exploits ]


  By Date           By Thread  

Current thread:
  • directorypro.cgi , directory traversal Marshal (May 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]