Vulners
Lucene search
mdma-5.savant.txt
`MDMA Advisory #5 by Andrew Lewis aka. Wizdumb
Reading of CGI Scripts under Savant Webserver
It is possible to view the source of CGI scripts running under the Savant
Webserver by omitting the HTTP version from your request. For example, we
connect to port 80 of the server and type "GET /cgi-bin/mdma.bat HTTP/1.0"
followed by two enters, and the results are as follows...
------------------------------------------------
HTTP/1.0 200 OK
Pragma: no-cache
Content-type: text/html
Server: Savant
phjeeeer
------------------------------------------------
However, if we just type "GET /cgi-bin/mdma.bat" followed by two enters,
the results are as follows...
------------------------------------------------
@echo off
rem CGI Script for demonstrating vulnerability
echo phjeeeer
------------------------------------------------
The vendor has been contacted and a fix is in the pipeline. Greetz to everyone
in MDMA, b0f, Vortexia, Blabber.Net's #hack, and everyone that knows me.
Cheers,
Andrew Lewis aka. Wizdumb
PS. Savant is also affected by the /con/con bug - as if you were expecting
otherwise ;-)
--==--==--==--==-->>
[email protected]
www.mdma.za.net/fk
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Jun 2000 00:00Current
7.4High risk
Vulners AI Score7.4