Could you please provide some more specific information regarding the bugs you have found? For example, a simple google query for "inurl:index.cgi" yields over two million results, and I seriously doubt that those are all vulnerable - which product(s) are we talking about here, and which version(s)? This information would greatly enhance the ability of those who are either writing or using the vulnerable software, to deal with the problem.. Kind regards, David van Moolenbroek "fireboy fireboy" wrote: > > > Tunis 24/04/2005 > BUG found by fireboy > fireboy@xxxxxxxxxxxx > > > > THERE ARE SOME BUGS IN index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM > > IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE > > > > 1)file showing > http://www.target.com/index.cgi?/etc/passwd > > > 2)CSS > http://www.target.com/index.cgi?<script>alert(document.cookie)< /script> > > > greetz to all magattack members www.magattack.tk
