Subject: Minor bug in Pagelog.cgi
From: Mark Stratman (mstrat1 UIC.EDU)
Date: Sun Oct 29 2000 - 05:25:08 CST

There is a small bug in PAGELOG.cgi by Metertek (Metertek yahoo.com) which
allows users to create and view files.

Any file on the system with a '.log' extension readable by the uid/gid of
the webserver can be viewed. In addition, two files with extensions of
'.txt' and '.log' can be created in any directory on the system that is
writable by the web server.

This bug lies in the failure of the script to check for directory
traversal.

Proofs of concept:
Viewing '.log' file:
Create a file 'a.log' in tmp.
http://server/cgi-bin/pagelog.cgi?display=../../../../tmp/a
This will let you view a.log
Creating files:
http://server/cgi-bin/pagelog.cgi?name=../../../../../tmp/blah
This will create blah.txt and blah.log in /tmp/
The script can be found at http://members.nbci.com/metertek/archive/
cheers.
Mark Stratman (count0)
(mstrat1 uic.edu)
http://sporkstorms.org
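
The missing check described in the message above, sketched as an added example (not code from the original post or from pagelog.cgi). It assumes the script appends '.log' or '.txt' to the `display`/`name` parameter; `LOG_DIR` and the function names are hypothetical.

```python
import os
import re

# Hypothetical storage directory; the post does not say where the script keeps its files.
LOG_DIR = "/var/www/pagelog/data"
# Allowlist: a page name is one path component made of safe characters only.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def naive_log_path(name, ext, base=LOG_DIR):
    """Behaviour the advisory implies: the parameter is concatenated unchecked."""
    return os.path.normpath(os.path.join(base, name + ext))


def resolve_log_path(name, ext, base=LOG_DIR):
    """Return the absolute path of name+ext inside base, or raise ValueError."""
    if ext not in (".log", ".txt"):
        raise ValueError("unexpected extension")
    # fullmatch rejects '/', '.', NUL bytes and trailing newlines in one step.
    if not isinstance(name, str) or not SAFE_NAME.fullmatch(name):
        raise ValueError("illegal page name")
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, name + ext))
    # Defence in depth: confirm containment after symlink resolution, so a
    # symlink planted inside the log directory cannot redirect the access.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path escapes log directory")
    return candidate


def is_allowed(name, ext=".log"):
    """True if the parameter value would be accepted by resolve_log_path."""
    try:
        resolve_log_path(name, ext)
        return True
    except ValueError:
        return False
```

A request handler would call `resolve_log_path()` before every open, for both the read (`display`) and create (`name`) code paths, and return an error page on `ValueError`.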