Another includer.cgi problem?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Another includer.cgi problem?
From: <cout@xxxxxxxxxxxxxx>
Date: 17 Mar 2005 02:53:29 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Hello to everyone

I'm sorry if this was already posted but if it wasn't have a look at it.
It seems that includer.cgi will do a very nice directory traversal for you
 but I don't know what version or other specific details but the vuln. 
is very high.I tried only a couple of them and it was enough for me.If
 the includer will serve a text file existed on the web server then it 
will serve you any file you want.It looks like this:
If the server has a valid url 
http://server.com/path/includer.cgi?some_existing_text_file
then it will hapilly also show 
http://server.com/path/includer.cgi?../../../../../../../../../../../etc/passwd
Some versions even don't bother to go up the / directory
http://server.com/path/includer.cgi?/etc/passwd
Now don't go out and break other people's work and show others what a smart 
guy you are and what stupid other people are.
Try to have fun with it and stop there.

Prev by Date: Re: PlatinumFTPserver format string vulnerability ( IHSTeam )
Next by Date: [USN-98-1] OpenSLP vulnerabilities
Previous by thread: MDKSA-2005:058 - Updated kdelibs packages fix multiple vulnerabilities
Next by thread: [USN-98-1] OpenSLP vulnerabilities
Index(es):
- Date
- Thread