<<< Date Index >>>     <<< Thread Index >>>

Another includer.cgi problem?




Hello to everyone

I'm sorry if this was already posted but if it wasn't have a look at it.
It seems that includer.cgi will do a very nice directory traversal for you
 but I don't know what version or other specific details but the vuln. 
is very high.I tried only a couple of them and it was enough for me.If
 the includer will serve a text file existed on the web server then it 
will serve you any file you want.It looks like this:
If the server has a valid url 
http://server.com/path/includer.cgi?some_existing_text_file
then it will hapilly also show 
http://server.com/path/includer.cgi?../../../../../../../../../../../etc/passwd
Some versions even don't bother to go up the / directory
http://server.com/path/includer.cgi?/etc/passwd
Now don't go out and break other people's work and show others what a smart 
guy you are and what stupid other people are.
Try to have fun with it and stop there.