Bugtraq mailing list archives
Re: index.cgi script XSS + file show
From: "D.C. van Moolenbroek" <xanadu () chello nl>
Date: Mon, 25 Apr 2005 22:22:34 +0200
Could you please provide some more specific information regarding the bugs you have found? For example, a simple google query for "inurl:index.cgi" yields over two million results, and I seriously doubt that those are all vulnerable - which product(s) are we talking about here, and which version(s)? This information would greatly enhance the ability of those who are either writing or using the vulnerable software, to deal with the problem.. Kind regards, David van Moolenbroek "fireboy fireboy" wrote:
Tunis 24/04/2005 BUG found by fireboy fireboy () webmails com THERE ARE SOME BUGS IN index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES
IN A SYSTEM
IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1)file showing http://www.target.com/index.cgi?/etc/passwd 2)CSS
http://www.target.com/index.cgi?<script>alert(document.cookie)< /script>
greetz to all magattack members www.magattack.tk
Current thread:
- index.cgi script XSS + file show fireboy fireboy (Apr 25)
- Re: index.cgi script XSS + file show D.C. van Moolenbroek (Apr 25)