Bugtraq mailing list archives
Re: Pollit CGI-script opens doors!
From: jerry () PABIS NET PL (jerry)
Date: Tue, 11 Jul 2000 18:05:40 +0200
----- Original Message -----
From: The Warlock <biohazardhq () YAHOO COM>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Tuesday, July 11, 2000 11:03 AM
Subject: Pollit CGI-script opens doors!

Description: Bug in Poll_It_SSI_v2.0.cgi reveals info.
Compromise: Accessing files that aren't in the web-dir.
Vulnerable Systems: Pollit v2.0 (only tested version).
Details: When you run the Pollit CGI script, ALL your world-readable files could be accessed by any web user; for example, your /etc/passwd file could be opened to get valid usernames and maybe passwords.
How to exploit this bug? Simply request http://www.targethost.com/pollit/Poll_It_v2.0.cgi?data_dir=\etc\passwd%00 and the passwd file is presented in your browser. Files that are world readable could be accessed.
Solution: I am not aware of any solution; probably debugging or removing the script is the best solution.

The solution was given on 07.06, when Adrian Daminato reported this bug to Bugtraq.
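
Added example, not part of either post and not code from the Pollit project: a log check for the request pattern reported above, flagging Poll_It requests whose query string sets data_dir or carries a NUL byte. The log lines are constructed, the poll/vote parameter names are hypothetical, and treating any client-supplied data_dir as suspicious is an assumption.

```python
import re
from urllib.parse import parse_qsl

# Constructed access-log lines (Common Log Format); addresses are documentation ranges.
SAMPLE_LOG = r"""192.0.2.10 - - [11/Jul/2000:11:03:00 +0200] "GET /pollit/Poll_It_v2.0.cgi?data_dir=\etc\passwd%00 HTTP/1.0" 200 512
192.0.2.11 - - [11/Jul/2000:11:04:10 +0200] "GET /pollit/Poll_It_v2.0.cgi?poll=1&vote=2 HTTP/1.0" 200 2048
192.0.2.12 - - [11/Jul/2000:11:05:30 +0200] "GET /cgi-bin/Poll_It_SSI_v2.0.cgi?data_dir=polls HTTP/1.0" 200 498
192.0.2.13 - - [11/Jul/2000:11:06:00 +0200] "GET /index.html?x=%00 HTTP/1.0" 200 1024
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def scan(log_text):
    """Return (line number, client, reasons) for suspicious Poll_It requests."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        # Only look at the poll script (both file names appear in the report).
        if not path.rsplit("/", 1)[-1].lower().startswith("poll_it"):
            continue
        reasons = []
        # parse_qsl percent-decodes, so %00 becomes a literal NUL character.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == "data_dir":
                # Assumption: legitimate voters never send this parameter.
                reasons.append("data_dir supplied by client")
            if "\x00" in key or "\x00" in value:
                reasons.append("NUL byte in parameter")
        if reasons:
            findings.append((lineno, line.split()[0], reasons))
    return findings


if __name__ == "__main__":
    for lineno, client, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client}: {', '.join(reasons)}")
```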