Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Subject: CGIForum 1.0 Vulnerability
From: zorgon (zorgonLINUXSTART.COM)
Date: Mon Nov 20 2000 - 10:38:56 CST


Date: 2000/11/20
Affected Application: CGIForum 1.0
        Markus Triska

CGIForum is a free forum. We can set 'thesection' parameter to view
files on the vulnerable system with privileges of the user "nobody".

This is caused from OutputHTMLFile function in cgiforum.pl script where $section (= $thesection ) isn't checked (never besides in this script).


The author is informed.

zorgon <zorgonlinuxstart.com>
Do you do Linux? :)
Get your FREE linuxstart.com email address at: http://www.linuxstart.com