Vulnerability Development mailing list archives
Re: Fwd: ShowFile CGI Security Vulnerability
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Wed, 21 Jun 2000 22:29:44 -0700
Barry Russell wrote:
Today while messing around with a website who was running Apache WebServer version 1.2.1 I came accross a file called showfile which was located in the cgi-bin dir. This file is very dangerous. It allows the viewing of files on your web system including /etc/motd,/etc/identd.conf and especially /etc/passwd.
Sounds suspiciously like a misconfig. Anyone know where "showfile" comes from? BB
Current thread:
- Re: Capturing System Calls, (continued)
- Re: Capturing System Calls Jonathan Leto (Jun 22)
- Re: Capturing System Calls Michal Zalewski (Jun 22)
- Re: Capturing System Calls Ryan Permeh (Jun 22)
- Re: Capturing System Calls Pavel Kankovsky (Jun 22)
- Re: Capturing System Calls Todd Garrison (Jun 22)
- Re: Capturing System Calls Andrew Reisse (Jun 22)
- Re: Capturing System Calls Rajiv Dighe (Jun 22)
- Re: Capturing System Calls Granquist, Lamont (Jun 22)
- Re: Capturing System Calls Michal Zalewski (Jun 22)
- Re: Fwd: ShowFile CGI Security Vulnerability Blue Boar (Jun 21)
- Re: Another new worm??? Crispin Cowan (Jun 22)
- Re: Another new worm??? Justin Lintz (Jun 21)
- Re: Another new worm??? Steve Mosher (Jun 22)
- Re: Another new worm??? Michael S Hines (Jun 23)
- Re: Another new worm??? David Knaack (Jun 22)
- Re: Another new worm??? Jason Legate (Jun 22)
- Re: Another new worm??? David Knaack (Jun 22)