Bugtraq mailing list archives
More problems with Auction Weaver & CGI Script Center.
From: teleh0r - <teleh0r () DOGLOVER COM>
Date: Fri, 1 Sep 2000 09:36:21 -0400
There seem to be a misunderstanding about the exploit I wrote for Auction Weaver 1.2. It appears that quite a few believed that that was a exploit for the problem found by Meliksah Ozoral. My exploit has nothing to do with that problem, except that is exploits the same script ;) The one I wrote, exploits a unsecure open(...) in the script, which allows a user to execute commands under the uid of the http daemon. So, to all users of Auction Weaver 1.2, you are far from secure yet, I just hope CGI Script Center as fixed this one as well. I am sorry for not expressing myself clearer. Sincerely yours, teleh0r ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup
Current thread:
- More problems with Auction Weaver & CGI Script Center. teleh0r - (Sep 01)
- <Possible follow-ups>
- Re: More problems with Auction Weaver & CGI Script Center. CGI Script Center Support (Sep 03)