filetype:cgi inurl:tseekdir.cgi

• SHDB
• 1152 阅读

• 日期：2004-09-21
• 类别：
  • Advisories and Vulnerabilities
• 作者：anonymous
• 语法：filetype:cgi inurl:tseekdir.cgi

• The Turbo Seek search engine has a vulnerability. The removed user can look at the contents of files on target. A removed user can request an URL with name of a file, which follows NULL byte (%00) to force system to display the contents of a required file, for example:/cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00/cgi-bin/tseekdir.cgi?id=799*location=/etc/passwd%00 More: http://www.securitytracker.com/alerts/2004/Sep/1011221.html