[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard
From: ZetaLabs <zetalabs () zone-h ! org>
Date: 2004-01-29 10:40:43
Message-ID: 20040129104043.9815.qmail () www ! securityfocus ! com
[Download RAW message or body]
ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary \
file retrieving
Published: 29 january 2004
Released: 29 january 2004
Name: PJ CGI Neo review (NeoBoard review)
Affected Systems: Current version
Issue: Remote file retrieving
Author: Zone-h Security Labs
Vendor: http://www.livepj.com
Description
***********
Zone-h Security Team has discovered a flaw in PJ CGI Neo review (NeoBoard review). \
There is a vulnerability in the current version of NeoBoard that allows an attacker \
to retrieve arbitrary files from the webserver with its priviledges.
Details
*******
It's possibile for a remote attacker to retrieve any file from a webserver.
For example try this:
http://address/directory/PJreview_Neo.cgi?p=/../../../../../../../../../../../../../../../../etc/passwd
Solution:
*********
The vendor has not been contacted because his site is unreachable.
http://www.zone-h.org/advisories/read/id=3824
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic