Name: ROADS search system "show files" Vulnerability with
"null bite" bug
Date: 29.01.2001
About: The program is a Common Gateway Interface
(CGI) program used to provide an end user search front end
to ROADS databases. When accessed with no CGI query, the
program can return an HTML form to the user to fill in to
make a query. This form can be designed by the SBIG
Administrator and can include a number of options. The
default form for this installation is held in the search
directory under the ROADS config directory by
Problem: Through this bug you can see any files, bug works
on every system were perl is installed. "%00" - means hex
symbol of the end of the line, used in C,C++ and perl.
Author: UkR-XblP
Get your free e-mail address at

Reply via email to