


Hyperseek ../ and %00 vulnerabilities



Vulnerability

    Hyperseek

Affected

    Hyperseek 2000 Search Engine

Description

    MC GaN (NerF security gr0up advisory) found the following. A standard
    Perl CGI problem exists in the statistics module, file hsx.cgi: the
    script does not filter "../" or "%00" out of the "show" parameter.
    Through this bug an attacker can remotely read any file the web
    server process can read and obtain directory listings. "../" moves
    one directory up; "%00" is the URL-encoded NUL byte, which ends the
    string when Perl passes the filename to the C library open(), so
    anything the script appends after the parameter is discarded. That is
    why the exploit URLs below end with it.

    Exploit URLs:

        http://www.victim.ru/cgi-bin/hsx.cgi?show=../../../../../../etc/passwd%00
        http://www.netsurprise.de/cgi-bin/suche/hsx.cgi?show=../../../../../../../etc/passwd%00

    Note: the path to hsx.cgi differs between installations, and the
    number of ../ needed depends on how deep cgi-bin sits; extra ../ are
    harmless because /.. resolves to /.

Solution

    Strip NUL bytes from the parameter before it is used in a filename,
    for example:

        $dat=~ s/\0//g;

    Note that this line only removes the NUL byte and does nothing about
    "../". The parameter also needs a traversal check: reject any value
    that is not a plain file name (no "/", and not "." or "..") before it
    is joined to the data directory.
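    The NUL-only filter beside a stricter validator, run over a few
    constructed inputs. This is an added example, not Hyperseek's own
    code: the data directory, the appended ".html" suffix and the sample
    values (the already URL-decoded strings a CGI library would hand the
    script) are assumptions for illustration. Perl 5.20 and later warn
    about an embedded \0 in a filename passed to a system call instead of
    silently truncating it, so the example checks the strings rather than
    opening files.

```perl
#!/usr/bin/perl
# Added example, not Hyperseek's code. Compares the advisory's NUL-only
# filter with a validator that also rejects directory traversal.
use strict;
use warnings;
use File::Spec;

# Assumed data directory the "show" parameter selects files from, and the
# assumed suffix the script appends (the reason the exploit needs %00).
my $BASE   = '/var/www/hsx/data';
my $SUFFIX = '.html';

# The fix quoted in the advisory: strips NUL bytes only. "../" survives,
# so the traversal half of the bug is still there.
sub weak_filter {
    my ($dat) = @_;
    $dat =~ s/\0//g;
    return $dat;
}

# Stricter check: accept only a plain file name and build the path from
# it. Returns the full path, or undef when the input is rejected.
sub safe_path {
    my ($show) = @_;
    return undef unless defined $show;
    return undef if $show =~ /\0/;               # NUL truncates at the C open()
    return undef unless $show =~ /\A[\w.-]+\z/;  # no "/", no spaces, no control bytes
    return undef if $show =~ /\A\.+\z/;          # "." and ".." are not file names
    return File::Spec->catfile($BASE, $show . $SUFFIX);
}

# Make NUL bytes visible when printing.
sub show_bytes {
    my ($s) = @_;
    $s =~ s/\0/\\0/g;
    return $s;
}

# Constructed inputs: what a CGI library hands the script after decoding
# show=index, show=../../../../../../etc/passwd%00, and so on.
my @inputs = (
    'index',
    'news.2000',
    '../../../../../../etc/passwd',
    "../../../../../../etc/passwd\0",
    '..',
);

for my $in (@inputs) {
    my $weak   = File::Spec->catfile($BASE, weak_filter($in) . $SUFFIX);
    my $strict = safe_path($in);
    printf "%-36s weak: %-54s strict: %s\n",
        show_bytes($in), $weak, defined $strict ? $strict : 'REJECTED';
}
```

    The output shows the point: after the NUL is stripped, the appended
    suffix is back in force, so "../../../../../../etc/passwd" would open
    /etc/passwd.html rather than /etc/passwd, but the path still escapes
    the data directory. Only the whitelist in safe_path rejects the
    traversal strings outright while still accepting ordinary names such
    as "news.2000".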

