directorypro.cgi , directory traversal
From: Marshal <marshal () marshal-soft com>
Date: Tue, 27 May 1980 13:22:21 +0200
The cgi-script directorypro.cgi is vulnerable to a directory traversal.
I didn't look at the source of the script, but it is probably a script
that normally puts an extension on the requested file.
But by putting the %00 (NULL) character at the end of your request you
bypass this. The extension will be appended, but the string is read until
the NULL character is found, so before the extension.
Didn't find any report of this bug on securityfocus and google.
And didn't inform the vendor because I don't know who it is =)
[ url : http://www.startplaza.nu | security news & links ]
[ url : http://www.heknet.com | security news & exploits ]
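
The truncation described in the message above, next to a check that stops it, as an added example that is not part of the original post and not the script's own code (the poster did not see the source). `BASE_DIR`, `EXTENSION` and all function names are hypothetical, the request values are constructed, and `c_string_view` models a file API that stops reading at the first NUL.

```python
import os
from urllib.parse import unquote

BASE_DIR = "/srv/directorypro/pages"   # hypothetical document root
EXTENSION = ".html"                     # hypothetical appended extension


def c_string_view(path: str) -> str:
    """What a C-level open() sees: the characters before the first NUL."""
    return path.split("\x00", 1)[0]


def naive_path(raw_param: str) -> str:
    """Vulnerable pattern: decode, append the extension, hand to the OS."""
    built = os.path.join(BASE_DIR, unquote(raw_param) + EXTENSION)
    # The extension is present in 'built', but it sits after the NUL,
    # so the file API never reads it.
    return os.path.normpath(c_string_view(built))


def safe_path(raw_param: str) -> str:
    """Hardened pattern: reject NUL, then enforce containment in BASE_DIR."""
    name = unquote(raw_param)
    if "\x00" in name:
        raise ValueError("NUL byte in file parameter")
    root = os.path.realpath(BASE_DIR)
    candidate = os.path.realpath(os.path.join(root, name + EXTENSION))
    # Resolve '..' and symlinks first, then require the result under root.
    if os.path.commonpath([candidate, root]) != root:
        raise ValueError("path escapes document root")
    return candidate


if __name__ == "__main__":
    # Constructed request values, not taken from the original post.
    for param in ("index", "../../secret.conf%00", "../../secret.conf"):
        print("naive:", repr(param), "->", naive_path(param))
        try:
            print("safe: ", repr(param), "->", safe_path(param))
        except ValueError as err:
            print("safe:  rejected,", err)
```

The NUL check alone is not enough: the third constructed value has no `%00` and is still rejected, because the resolved path is compared against the document root.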
- directorypro.cgi , directory traversal Marshal (May 28)