Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Date: Mon May 07 2001 - 19:31:12 CDT
A1Stats is a CGI package to track website traffic.
The package has a view files bug and also gives the
possibility to overwrite existing files.
/-|=[who is vulnerable]=|-\
Anyone using a A1Stats that was downloaded before
To test these vulnerabilities, try the following.
These two will give you /etc/passwd.
This will also give you /etc/passwd but it will
show it in a very mangled manner as the CGI adds
HTML tags to what it thinks is a file it created
One can also open a file and wreck its contents.
will empty a1admin.txt. a1admin.txt contains the
password to change settings of the CGI. When this
file is removed, no one can log in anymore.
Downloading the latest version will solve this
Free, encrypted, secure Web-based email at www.hushmail.com