filetype:cgi inurl:"fileman.cgi"

  • 日期:2004-07-26
  • 类别:
  • 作者:anonymous
  • 语法:filetype:cgi inurl:"fileman.cgi"
  • This brings up alot of insecure as well as secure filemanagers. These software solutions are often used by companies offering a "simple" but "cost effective" way to their users who don't know unix or html. There is a problem sometimes with this specific filemanager due to insecure use of the session ID that can be found in the unprotected "fileman.log" logfile. It has been reported that an attacker can abuse the last document-edit-url of the logfile. By copy pasting that line in a new window it gives the attacker valid user credentials on the server, at least for a while.. (think hours not seconds).