Re: index.cgi script XSS + file show

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Could you please provide some more specific information regarding the
bugs you have found? For example, a simple google query for
"inurl:index.cgi" yields over two million results, and I seriously doubt
that those are all vulnerable - which product(s) are we talking about
here, and which version(s)? This information would greatly enhance the
ability of those who are either writing or using the vulnerable
software, to deal with the problem..

Kind regards,
David van Moolenbroek

"fireboy fireboy" wrote:
>
>
> Tunis 24/04/2005
> BUG found by fireboy
> fireboy@xxxxxxxxxxxx
>
>
>
> THERE ARE SOME BUGS IN index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES
IN A SYSTEM
>
> IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE
>
>
>
> 1)file showing
> http://www.target.com/index.cgi?/etc/passwd
>
>
> 2)CSS
>
http://www.target.com/index.cgi?<script>alert(document.cookie)<
/script>
>
>
> greetz to all magattack members www.magattack.tk


[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux