On Wed, 3 Nov 1999 17:19:22 -0600, Kerb wrote:
>BTW, I didnt bother to notify Alibaba, as this "is freeware"
>so they "don't offer any support" as I believe it was worded.
Well, I contacted them concerning an exploitable buffer
overflow in the POST command, and their reply was that
even in tho
Hello BugTraq'ers. I've yet to get around to writing the exploit for
Alibaba that was previously described, but I have found new
bugs. Using specially formed URL's, I was able to list,
view, create, delete, and/or execute any file I wanted.
Here are a few examples:
http://www.victim.com/cgi-bin