Vulnerability Development mailing list archives
Fwd: ShowFile CGI Security Vulnerability
From: SteeleIn99 () AOL COM (Barry Russell)
Date: Thu, 22 Jun 2000 00:50:32 EDT
attached mail follows:

Today while messing around with a website that was running Apache WebServer version 1.2.1 I came across a file called showfile which was located in the cgi-bin dir. This file is very dangerous. It allows the viewing of files on your web system including /etc/motd, /etc/identd.conf and especially /etc/passwd. With the right/wrong (depends on the way you think about it) permissions you can view the /etc/shadow file which is extremely dangerous. I don't know if this file is shipped with the Apache server or not but I thought I would report this anyway.

Update Your CGI Scanners :)

SteeLe