[18345] in bugtraq
Technote
daemon@ATHENA.MIT.EDU (bt@SPITZNER.ORG)
Tue Dec 26 11:41:02 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <200012231340.eBNDexm00624@spitzner.org>
Date: Sat, 23 Dec 2000 14:40:59 +0100
Reply-To: bt@SPITZNER.ORG
From: bt@SPITZNER.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
Technote a korean company sells something like a web-board called
technote (surprise).
I'm not aware where this software is used outside korea , but at
least _some_ versions (used ones) contain a file disclosure vuln.
Ex:
http://students.washington.edu/~jaeyong/technote/technote/print.cgi?board=../../../../../../../../etc/passwd%00
Since I cannot read anything on their (Technotes) website, I simply
sent an email to info@ to notify them.
-rasp
