[38589] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: index.cgi script XSS + file show

daemon@ATHENA.MIT.EDU (D.C. van Moolenbroek)
Mon Apr 25 17:56:11 2005

Message-ID: <000901c549d4$83f4f390$0500000a@neptune>
From: "D.C. van Moolenbroek" <xanadu@chello.nl>
To: <bugtraq@securityfocus.com>
Date: Mon, 25 Apr 2005 22:22:34 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Could you please provide some more specific information regarding the
bugs you have found? For example, a simple google query for
"inurl:index.cgi" yields over two million results, and I seriously doubt
that those are all vulnerable - which product(s) are we talking about
here, and which version(s)? This information would greatly enhance the
ability of those who are either writing or using the vulnerable
software, to deal with the problem..

Kind regards,
David van Moolenbroek

"fireboy fireboy" wrote:
>
>
> Tunis 24/04/2005
> BUG found by fireboy
> fireboy@webmails.com
>
>
>
> THERE ARE SOME BUGS IN index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES
IN A SYSTEM
>
> IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE
>
>
>
> 1)file showing
> http://www.target.com/index.cgi?/etc/passwd
>
>
> 2)CSS
>
http://www.target.com/index.cgi?&lt;script&gt;alert(document.cookie)&lt;
/script&gt;
>
>
> greetz to all magattack members www.magattack.tk


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38589] in bugtraq

Re: index.cgi script XSS + file show

daemon@ATHENA.MIT.EDU (D.C. van Moolenbroek)Mon Apr 25 17:56:11 2005

daemon@ATHENA.MIT.EDU (D.C. van Moolenbroek)
Mon Apr 25 17:56:11 2005