[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000901c549d4$83f4f390$0500000a@neptune>
Date: Mon, 25 Apr 2005 22:22:34 +0200
From: "D.C. van Moolenbroek" <xanadu@...llo.nl>
To: <bugtraq@...urityfocus.com>
Subject: Re: index.cgi script XSS + file show
Could you please provide some more specific information regarding the
bugs you have found? For example, a simple google query for
"inurl:index.cgi" yields over two million results, and I seriously doubt
that those are all vulnerable - which product(s) are we talking about
here, and which version(s)? This information would greatly enhance the
ability of those who are either writing or using the vulnerable
software, to deal with the problem..
Kind regards,
David van Moolenbroek
"fireboy fireboy" wrote:
>
>
> Tunis 24/04/2005
> BUG found by fireboy
> fireboy@...mails.com
>
>
>
> THERE ARE SOME BUGS IN index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES
IN A SYSTEM
>
> IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE
>
>
>
> 1)file showing
> http://www.target.com/index.cgi?/etc/passwd
>
>
> 2)CSS
>
http://www.target.com/index.cgi?<script>alert(document.cookie)<
/script>
>
>
> greetz to all magattack members www.magattack.tk
Powered by blists - more mailing lists