Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: vndbcgi.txt

vndb.cgi can display arb files

Tuxtendo Security Advisory
(c) 2001 Tuxtendo
WWW   :

1. Program information
Program Name    : vndb.cgi
Description     : vndb.cgi is a cgi script which shows files by catecory.
Vendor          :
Program purpose : Normaly it's used to show *.html files
Bug Found by    : Noxious (
Tuxtendo ID     : TXN-0108-2001-TX01
Date		: 01-08-2001

2. Problem Description
Normally the vndb.cgi is used to show .html files, the programmer has the
root path set wrong so the path can be escaped which can be used to view

3. Exploit

4. Solution
Use another script, check out for other scripts.

5. Vendor status
vendor was contacted multiple times but had no respons what so ever.

This advisory does not claim to be complete or to be usable for any purpose.
Especially information on the vulnerable systems may be inaccurate 
Possibly supplied exploit code is not to be used for malicious , but for educational
purposes only.
This advisory is free for open distribution in unmodified form.
Articles that are based on information from this advisory should include link to
For more information regarding this 
bug or other information E-Mail:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH