Bugtraq mailing list archives

directorypro.cgi , directory traversal
From: Marshal <marshal () marshal-soft com>
Date: Tue, 27 May 1980 13:22:21 +0200

cgi-script directorypro.cgi is vulnerable to a directory traversal.


I didn't look at the source of the script, but it is probably a script
that normally puts an extension on the requested file.
But by putting the %00 (NULL) character at the end of your request you
bypass this. The extension will be appended, but the string is read until
the NULL character is found, so before the extension.

Didn't find any report of this bug on securityfocus or Google.
And didn't inform the vendor because I don't know who it is =)


marshal (la~onda)
[ url  : http://www.startplaza.nu | security news & links    ]
[ url  : http://www.heknet.com    | security news & exploits ]
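The truncation described in the post, shown from the defender's side as an added example; it is not part of the original message and not the script's own code. The function names, the `.txt` extension and the sample inputs are constructed for illustration. It shows how a NUL-terminated API sees a shorter name once `%00` is decoded, and an allowlist check on the decoded bytes that refuses such names.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Percent-decode src into dst; returns decoded length, or -1 on a bad escape
 * or overflow. Decoded bytes may include 0x00, so length is tracked explicitly. */
static long pct_decode(const char *src, unsigned char *dst, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)src[i + 1]) ||
                !isxdigit((unsigned char)src[i + 2])) return -1;
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            i += 2;
        }
        if (n >= cap) return -1;
        dst[n++] = c;
    }
    return (long)n;
}

/* Length a NUL-terminated API (fopen, open) sees after ext (< 256 bytes) is appended. */
long seen_len_after_append(const char *raw, const char *ext) {
    unsigned char buf[512];
    long n = pct_decode(raw, buf, 256);
    if (n < 0) return -1;
    memcpy(buf + n, ext, strlen(ext) + 1);
    return (long)strlen((char *)buf);
}

/* Allowlist on the decoded bytes: letters, digits, '_', '-', '.' only, so an
 * embedded NUL or a path separator fails; a leading '.' is refused ("..", "."). */
int name_is_safe(const char *raw) {
    unsigned char buf[256];
    long n = pct_decode(raw, buf, sizeof buf);
    if (n <= 0 || buf[0] == '.') return 0;
    for (long i = 0; i < n; i++)
        if (buf[i] == 0 || !(isalnum(buf[i]) || strchr("_-.", buf[i]))) return 0;
    return 1;
}

int main(void) {
    const char *samples[] = { "report", "report%00", "..%2Fnotes" }; /* constructed */
    for (int i = 0; i < 3; i++)
        printf("%-12s seen_len=%ld safe=%d\n", samples[i],
               seen_len_after_append(samples[i], ".txt"), name_is_safe(samples[i]));
    return 0;
}
```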
