CGIForum v1.0i (cgi-bin/cgiforum.pl) allows remote users to view any file on the system via a ../.. bug.
54a31d246b1ce0df322a76314cf66492c32c1c40d5388c5187fc9b897b0070fa
Hi,
Date: 2000/11/20
Affected Application: CGIForum 1.0
http://www.marcbrinkmann.de/inandonline/netz/CGIForum-1.0.tar.gz
Markus Triska
<triska@gmx.at>
CGIForum is a free forum. We can set 'thesection' parameter to view
files on the vulnerable system with privileges of the user "nobody".
This is caused from OutputHTMLFile function in cgiforum.pl script where $section (= $thesection ) isn't checked (never besides in this script).
e.g.:
http://127.0.0.1/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/passwd%00
The author is informed.
==================================
zorgon <zorgon@linuxstart.com>
http://www.nightbird.free.fr
----------------------
Do you do Linux? :)
Get your FREE @linuxstart.com email address at: http://www.linuxstart.com