includercgi.txt

2005-03-22T00:00:00
ID PACKETSTORM:36678
Type packetstorm
Reporter cout
Modified 2005-03-22T00:00:00

Description

                                        
                                            `  
  
Hello to everyone  
  
I'm sorry if this was already posted but if it wasn't have a look at it.  
It seems that includer.cgi will do a very nice directory traversal for you  
but I don't know what version or other specific details but the vuln.   
is very high.I tried only a couple of them and it was enough for me.If  
the includer will serve a text file existed on the web server then it   
will serve you any file you want.It looks like this:  
If the server has a valid url   
http://server.com/path/includer.cgi?some_existing_text_file  
then it will hapilly also show   
http://server.com/path/includer.cgi?../../../../../../../../../../../etc/passwd  
Some versions even don't bother to go up the / directory  
http://server.com/path/includer.cgi?/etc/passwd  
Now don't go out and break other people's work and show others what a smart   
guy you are and what stupid other people are.  
Try to have fun with it and stop there.  
`