At 02:58 AM 8/29/02 +0200, you wrote: >Change the domain and the username below to one of your RaQs and see yourself: > >http://www.victim.org/cgiwrapDir/cgiwrapd/~someone/<html><s>TEST</s> > >Reveals UID, GID of "someone", his home directory and some other errands. > >All by itself it isn't that big of a deal, but I could imagine a few scenarios >where this information might aid in an exploitation.
Hmm, I get nothing but 404 errors or CGIWrap telling me it can't find the script file on my RaQ2. Does that mean that the RaQ2 is not vulnerable to this exploit? (I did install the recently-announced patch.) More likely it means that I'm not entering the URL correctly... Am guessing at what to put in place of "cgiwrapDir". Suggestions? Thanks, Mr. Stauber, for sharing this info! Dan Keller _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
