Another includer.cgi problem?
Hello to everyone
I'm sorry if this was already posted but if it wasn't have a look at it.
It seems that includer.cgi will do a very nice directory traversal for you
but I don't know what version or other specific details but the vuln.
is very high.I tried only a couple of them and it was enough for me.If
the includer will serve a text file existed on the web server then it
will serve you any file you want.It looks like this:
If the server has a valid url
http://server.com/path/includer.cgi?some_existing_text_file
then it will hapilly also show
http://server.com/path/includer.cgi?../../../../../../../../../../../etc/passwd
Some versions even don't bother to go up the / directory
http://server.com/path/includer.cgi?/etc/passwd
Now don't go out and break other people's work and show others what a smart
guy you are and what stupid other people are.
Try to have fun with it and stop there.