More problems with Auction Weaver & CGI Script Center.

[teleh0r - <teleh0r () DOGLOVER COM>]

There seem to be a misunderstanding about the
exploit I wrote for Auction Weaver 1.2. It appears
that quite a few believed that that was a exploit for
the problem found by Meliksah Ozoral.

My exploit has nothing to do with that problem, except
that is exploits the same script ;) The one I wrote,
exploits a unsecure open(...) in the script, which allows
a user to execute commands under the uid of the http daemon.

So, to all users of Auction Weaver 1.2, you are far from secure yet,
I just hope CGI Script Center as fixed this one as well.

I am sorry for not expressing myself clearer.

Sincerely yours,
teleh0r


______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup