OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: UkR-XblP™ (cuctemaOK.RU)
Date: Mon Feb 12 2001 - 08:17:07 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Name: ROADS search system "show files" Vulnerability with
    "null bite" bug
    Date: 29.01.2001
    About: The search.pl program is a Common Gateway Interface
    (CGI) program used to provide an end user search front end
    to ROADS databases. When accessed with no CGI query, the
    program can return an HTML form to the user to fill in to
    make a query. This form can be designed by the SBIG
    Administrator and can include a number of options. The
    default form for this installation is held in the search
    directory under the ROADS config directory by
    http://www.roads.lut.ac.uk
    Problem: Through this bug you can see any files, bug works
    on every system were perl is installed. "%00" - means hex
    symbol of the end of the line, used in C,C++ and perl.
    Author: UkR-XblP
    Exploit: http://www.victim.com/ROADS/cgi-bin/search.pl?form=url_to_any_file%00
    Get your free e-mail address at http://www.zmail.ru