Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: wbanner.htm

WebBanner directory traversal vulnerability



    Selena Sol's WebBanner 4.0


    Johannes Westerink found following.  At your browser, type simply:


    ... and you should view passwd  file as user nobody (if server  is
    serving page as user nobody...).  Trying to execute a command with
    | won't work always because	the script is running standard with -T
    option: #!/usr/bin/perl  -T, you  can first  view the  script code
    with above way,  check if there  is a -T  option, if not,  you can
    execute any command as nobody user (....&html_file=|ls -la|).


    Newer version should fix that.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH