Bugtraq mailing list archives

Re: MondoSearch show the source of all files


From: Orp 664 <orp644 () yahoo com>
Date: 19 Oct 2002 08:10:44 -0000

In-Reply-To: <20021010180935.14148.qmail () mail securityfocus com>

Date: 10 Oct 2002 18:09:35 -0000
Message-ID: <20021010180935.14148.qmail () mail securityfocus com>
From: thefastkid <thefastkid () ziplip com>
To: bugtraq () securityfocus com
Subject: MondoSearch show the source of all files



Although Mondosoft was not notified prior to the posting, Mondosoft 
has reacted quickly and has remedied the situation within 24 hours, by 
which time all Mondosoft customers were notified.
See the following:
Secure your site without updating: http://www.mondosoft.com/security-info.asp
Obtaining an update: http://www.mondosoft.com/security-update.asp





MondoSearch show the source of all files
--------------------------------------------

Affected Program: MondoSearch 4.4
(possibly earlier versions too, but not tested)
Vendor: http://www.mondosoft.com
Vendor Status: not informed yet
Discovery Date: 10 Oct 2002

Problem
-------
You can see the source of the files that are in the same
directory and subdirectories


Example
-------
http://www.foo/cgi-bin2/MsmMask.exe?mask=/foo.asp
...to see the source of foo.asp in the root dir


Solutions
---------
* The program has to check if it is a real .cfg file
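
The check asked for under Solutions, written out as an added example that is not part of the original post and is not Mondosoft's code. The names MASK_DIR, resolve_mask and demo, and the assumption that all mask files live in one dedicated directory, are hypothetical; the sample files and requests are constructed.

```python
import os
import tempfile

# Hypothetical location of the search mask (.cfg) files; not a real MondoSearch path.
MASK_DIR = "/srv/search/masks"


def resolve_mask(mask_param, mask_dir=MASK_DIR):
    """Return the real path of the requested mask file, or None if the request is rejected."""
    if not mask_param or "\x00" in mask_param:
        return None
    # Read the value as a path relative to the mask directory, whatever separator was sent.
    relative = mask_param.replace("\\", "/").lstrip("/")
    base = os.path.realpath(mask_dir)
    candidate = os.path.realpath(os.path.join(base, relative))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    if not inside:
        return None
    # The extension is tested on the resolved path, after ".." and symlinks are gone.
    if os.path.splitext(candidate)[1].lower() != ".cfg":
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Run the check against a constructed directory tree and constructed requests."""
    with tempfile.TemporaryDirectory() as root:
        masks = os.path.join(root, "masks")
        os.mkdir(masks)
        for path in (os.path.join(masks, "default.cfg"),
                     os.path.join(root, "foo.asp"),
                     os.path.join(root, "secret.cfg")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        requests = ["default.cfg", "/foo.asp", "foo.asp", "../secret.cfg", "missing.cfg"]
        return {r: resolve_mask(r, masks) is not None for r in requests}


if __name__ == "__main__":
    for request, accepted in demo().items():
        print(f"{request!r}: {'served' if accepted else 'rejected'}")
```

The "../secret.cfg" case shows why the extension test alone is not enough: the file ends in .cfg but sits outside the mask directory, so the containment check is what rejects it.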


