[17707] in bugtraq
CGIForum 1.0 Vulnerability
daemon@ATHENA.MIT.EDU (zorgon)
Mon Nov 20 14:22:22 2000
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
Message-Id: <200011201638.eAKGcu530561@tbird.iworld.com>
Date: Mon, 20 Nov 2000 11:38:56 -0500
Reply-To: zorgon <zorgon@LINUXSTART.COM>
From: zorgon <zorgon@LINUXSTART.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
Date: 2000/11/20
Affected Application: CGIForum 1.0
http://www.marcbrinkmann.de/inandonline/netz/CGIForum-1.0.tar.gz
Markus Triska
<triska@gmx.at>
CGIForum is a free forum. We can set 'thesection' parameter to view
files on the vulnerable system with privileges of the user "nobody".
This is caused from OutputHTMLFile function in cgiforum.pl script where $section (= $thesection ) isn't checked (never besides in this script).
e.g.:
http://127.0.0.1/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/passwd%00
The author is informed.
==================================
zorgon <zorgon@linuxstart.com>
http://www.nightbird.free.fr
----------------------
Do you do Linux? :)
Get your FREE @linuxstart.com email address at: http://www.linuxstart.com
