I'm sorry if this was already posted but if it wasn't have a look at it.
It seems that includer.cgi will do a very nice directory traversal for you
but I don't know what version or other specific details but the vuln.
is very high.I tried only a couple of them and it was enough for me.If
the includer will serve a text file existed on the web server then it
will serve you any file you want.It looks like this:
If the server has a valid url
http://server.com/path/includer.cgi?some_existing_text_file
then it will hapilly also show
http://server.com/path/includer.cgi?../../../../../../../../../../../etc
/passwd
Some versions even don't bother to go up the / directory
http://server.com/path/includer.cgi?/etc/passwd
Now don't go out and break other people's work and show others what a smart
guy you are and what stupid other people are.
Try to have fun with it and stop there.
Hello to everyone
I'm sorry if this was already posted but if it wasn't have a look at it.
It seems that includer.cgi will do a very nice directory traversal for you
but I don't know what version or other specific details but the vuln.
is very high.I tried only a couple of them and it was enough for me.If
the includer will serve a text file existed on the web server then it
will serve you any file you want.It looks like this:
If the server has a valid url
http://server.com/path/includer.cgi?some_existing_text_file
then it will hapilly also show
http://server.com/path/includer.cgi?../../../../../../../../../../../etc
/passwd
Some versions even don't bother to go up the / directory
http://server.com/path/includer.cgi?/etc/passwd
Now don't go out and break other people's work and show others what a smart
guy you are and what stupid other people are.
Try to have fun with it and stop there.
[ reply ]