cgiforum-1.0.txt

2000-12-03T00:00:00
ID PACKETSTORM:23747
Type packetstorm
Reporter Zorgon
Modified 2000-12-03T00:00:00

Description

                                        
                                            `Hi,  
  
Date: 2000/11/20  
Affected Application: CGIForum 1.0  
http://www.marcbrinkmann.de/inandonline/netz/CGIForum-1.0.tar.gz  
Markus Triska  
<triska@gmx.at>  
  
CGIForum is a free forum. We can set the 'thesection' parameter to view  
files on the vulnerable system with the privileges of the user "nobody".  
  
This is caused by the OutputHTMLFile function in the cgiforum.pl script, where $section (= $thesection) isn't checked (nor anywhere else in this script).  
  
e.g.:  
http://127.0.0.1/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/passwd%00  
  
The author is informed.  
  
  
  
==================================  
zorgon <zorgon@linuxstart.com>  
http://www.nightbird.free.fr  
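One way to validate a parameter like 'thesection' before it is used to build a file path, shown as an added example written for this advisory (it is not code from CGIForum or from the advisory author); it assumes section files are named <section>.html under one fixed base directory, and it rejects the NUL byte and the "../" traversal that the advisory's URL relies on:

```perl
#!/usr/bin/perl
# Added example (not CGIForum's own code): validate a section name
# before using it in a file path. Assumes sections are files named
# <section>.html under a fixed base directory.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);
use Cwd qw(realpath);

# Returns the absolute path of the section file, or undef if the
# parameter is rejected. Each check targets one failure mode.
sub safe_section_path {
    my ($base, $section) = @_;
    return undef unless defined $section && length $section;
    # A NUL byte makes open() truncate the path at that point (the
    # "%00" in the advisory's URL), so it is never acceptable.
    return undef if $section =~ /\0/;
    # Allow-list: section names are plain words, so ".." and "/" are
    # rejected before any path is built.
    return undef unless $section =~ /^[A-Za-z0-9_-]+\z/;
    my $realbase = realpath($base) or return undef;
    my $real = realpath(File::Spec->catfile($base, "$section.html"));
    # realpath() returns undef for a non-existent file; also re-check
    # that the resolved file still lives under the base directory
    # (guards against a symlink placed inside it).
    return undef unless defined $real
        && index($real, $realbase . '/') == 0;
    return $real;
}

# Self-contained demo with a constructed forum directory.
my $base = tempdir(CLEANUP => 1);
open(my $fh, '>', "$base/general.html") or die "cannot create: $!";
print $fh "<p>general section</p>\n";
close $fh;

for my $input ('general', '../../../../etc/passwd', "general\0.html",
               'missing', 'general/../general') {
    (my $shown = $input) =~ s/\0/\\0/g;
    my $path = safe_section_path($base, $input);
    printf "%-28s -> %s\n", $shown, defined $path ? 'allowed' : 'rejected';
}
```

Only the first input is allowed; the traversal, the NUL-byte variant, the non-existent section and the "general/../general" form are all rejected before any file is opened.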