Vulnerability Development mailing list archives

Re: Fwd: ShowFile CGI Security Vulnerability

From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Wed, 21 Jun 2000 22:29:44 -0700


Barry Russell wrote:


Today while messing around with a website who was running Apache WebServer
version 1.2.1 I came accross a file called showfile which was located in the
cgi-bin dir. This file is very dangerous. It allows the viewing of files on
your web system including /etc/motd,/etc/identd.conf and especially
/etc/passwd.


Sounds suspiciously like a misconfig.  Anyone know where "showfile" comes
from?

                                        BB

Current thread:

Re: Capturing System Calls, (continued)
- - - Re: Capturing System Calls Jonathan Leto (Jun 22)
    - Re: Capturing System Calls Michal Zalewski (Jun 22)
    - Re: Capturing System Calls Ryan Permeh (Jun 22)
    - Re: Capturing System Calls Pavel Kankovsky (Jun 22)
    - Re: Capturing System Calls Todd Garrison (Jun 22)
    - Re: Capturing System Calls Andrew Reisse (Jun 22)
    - Re: Capturing System Calls Rajiv Dighe (Jun 22)
    - Re: Capturing System Calls Granquist, Lamont (Jun 22)
    - Re: Capturing System Calls Michal Zalewski (Jun 22)
  - Fwd: ShowFile CGI Security Vulnerability Barry Russell (Jun 21)
    - Re: Fwd: ShowFile CGI Security Vulnerability Blue Boar (Jun 21)
  - Re: Another new worm??? Blue Boar (Jun 21)
    - Re: Another new worm??? Crispin Cowan (Jun 22)
- Re: Another new worm??? Harmer, Mike (Jun 21)
- Re: Another new worm??? Frank Town (Jun 21)
  - Re: Another new worm??? Justin Lintz (Jun 21)
    - Re: Another new worm??? Steve Mosher (Jun 22)
    - Re: Another new worm??? Michael S Hines (Jun 23)
  - Re: Another new worm??? David Knaack (Jun 22)
    - Re: Another new worm??? Jason Legate (Jun 22)
    - Re: Another new worm??? David Knaack (Jun 22)

(Thread continues...)