Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Abe Timmerman - zml.cgi File Disclosure

🗓️ 31 Dec 2001 00:00:00Reported by blackshellType 
exploitpack
 exploitpack👁 8 Views

Vulnerability in zml.cgi allows directory traversal for file access on Apache servers.

Code
source: https://www.securityfocus.com/bid/3759/info

zml.cgi is a perl script which can be used to support server side include directives under Apache. It recognizes a simple set of commands, and allows access to cgi parameters and environment variables. It can run on Linux and Unix systems or any other platform with Apache and Perl support.

zml.cgi accepts as a parameter the file to parse for these ssi directives. This parameter is susceptible to the standard ../ directory traversal attack, allowing arbitrary files to be specified. Although the script attempts to append a .zml extension to any file accessed, appending a null byte to the file name parameter is sufficient to evade this restriction.

The author of the script has reported that this vulnerability does not exist in any published version of ZML, and that the file parameter has never been used by ZML. It is possible that this vulnerability exists in a modified version of ZML published by an unknown third party. If more details become available, this vulnerability will be updated.

http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/motd%00

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Dec 2001 00:00Current
7.4High risk
Vulners AI Score7.4
zml.cgi vulnerabilitydirectory traversal attackserver side includearbitrary file accessnull byte injection
8