In-Reply-To: <[EMAIL PROTECTED]>
>Date: 10 Oct 2002 18:09:35 -0000
>From: thefastkid <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: MondoSearch show the source of all files
>
>
Although Mondosoft was not notified prior to the posting, Mondosoft
has reacted quickly and has remedied the situation within 24 hours, by
which time all Mondosoft customers were notified.
See the following:
Secure your site without updating: http://www.mondosoft.com/security-info.asp
Obtaining an update: http://www.mondosoft.com/security-update.asp
>
>MondoSearch show the source of all files
>--------------------------------------------
>
>Affected Program: MondoSearch 4.4
>(possibly earlier versions too, but not tested)
>Vendor: http://www.mondosoft.com
>Vendor Status: not informed yet
>Discovery Date: 10 Oct 2002
>
>Problem
>-------
>You can see the source of the files that are in the same
>directory and subdirectories
>
>
>Example
>-------
>http://www.foo/cgi-bin2/MsmMask.exe?mask=/foo.asp ..to see the source of foo.asp in the root dir
>
>
>Solutions
>---------
>* The program has to check if it is a real .cfg file
>
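An added example, not part of either message and not Mondosoft's actual fix: one way a CGI handler could enforce the "real .cfg file" check suggested above, by requiring the .cfg extension and confirming that the resolved path stays inside a dedicated mask directory. The names `resolve_mask`, `MaskRejected` and the `masks` directory are hypothetical, and the sample files and request values are constructed.

```python
import os
import tempfile

ALLOWED_EXT = ".cfg"  # assumption: masks are the .cfg files the advisory mentions


class MaskRejected(ValueError):
    """Raised when the requested mask must not be served."""


def resolve_mask(mask_param: str, mask_root: str) -> str:
    """Map the CGI 'mask' parameter to a file under mask_root, or raise."""
    if not mask_param or "\x00" in mask_param:
        raise MaskRejected("empty value or NUL byte")
    # Treat both separators alike and drop leading ones so the value is
    # always interpreted relative to mask_root, never as an absolute path.
    relative = mask_param.replace("\\", "/").lstrip("/")
    if os.path.splitext(relative)[1].lower() != ALLOWED_EXT:
        raise MaskRejected("not a .cfg file")
    root = os.path.realpath(mask_root)
    candidate = os.path.realpath(os.path.join(root, *relative.split("/")))
    # realpath collapses ".." and symlinks; the result must stay inside root.
    if os.path.commonpath([root, candidate]) != root:
        raise MaskRejected("outside the mask directory")
    if not os.path.isfile(candidate):
        raise MaskRejected("no such mask file")
    return candidate


def demo() -> dict:
    """Run the check over constructed requests in a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as site:
        masks = os.path.join(site, "masks")  # hypothetical mask directory
        os.mkdir(masks)
        for name in ("masks/default.cfg", "foo.asp", "secret.cfg"):
            with open(os.path.join(site, name), "w") as fh:
                fh.write("constructed sample\n")
        for value in ("default.cfg", "/foo.asp", "../foo.asp",
                      "../secret.cfg", "default.cfg\x00.asp", "missing.cfg"):
            try:
                resolve_mask(value, masks)
                results[value] = "served"
            except MaskRejected as exc:
                results[value] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The extension test alone is not sufficient: `../secret.cfg` passes it and is only stopped by the containment check on the resolved path.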