| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 May 2006 23:08:38 -0400 (EDT) From: "Steven M. Christey" <coley@...re.org> To: bugtraq@...urityfocus.com Subject: Re: tseekdir.cgi<--Local File Include >foud by: BoNy-m Also apparently found by durito in September 2004, as identified in the Turbo Seek product. > /tseekdir.cgi?id=1055&location=/etc/passwd%00 This is the same exploit vector as what was reported in Secunia SA12500 and BID 11163: http://www.securityfocus.com/bid/11163/exploit http://secunia.com/advisories/12500/ and claimed by Secunia to be fixed in 1.7.2. > /tseekdir.cgi?location=/../../../../etc/passwd%00 The use of ".." seems to be a new attack that IDS people might want to note, but in my experience, you can't be sure whether this is exhbiting a distinct bug from the absolute path issue that was already mentioned (one of the fun things about path traversal in general). However, this would require testing against 1.7.2 or later versions (since fixes for absolute path issues might still allow ".." variants). - Steve P.S. to moderator - feel free to privately ask me to shut up about all these errors, I swear I only comment on a small percentage of them :)
Powered by blists - more mailing lists