Vulnerability Development mailing list archives
(NT) When exploit CGI's that allow viewing of files...
From: marc () EEYE COM (Marc)
Date: Thu, 6 Jul 2000 17:12:10 -0700
I am trying to make a list of files, that can lead to the remote server being compromised, to request if you're exploiting a CGI/ASP/Whatever program that allows you to read files on the remote web server etc...

For example:
http://[server]/cgi-bin/lame.cgi?../../../../../boot.ini

Two examples would be:
../../../../../../Program Files/Microsoft BackOFfice/reboot.ini - Some BackOffice 4.0 service user/pass pairs
../../../../../../winnt/repair/sam - Duh.

Some other good paths would be paths to CuteFTP, WS_FTP etc... password files.

If you can eMail me personally, I will compile one giant list and then send it back to vuln-dev, to help cut down the amount of traffic like we saw with the default password thread.

Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.675.8160
F.949.675.8191
http://eEye.com

P.S. Going to defcon? Most of eEye will be there, so drop an eMail to roadtrip () eeye com if you want to hook up.