exploit-db-mirror/exploits/unix/remote/19785.txt
Offensive Security 36c084c351 DB: 2021-09-03

source: https://www.securityfocus.com/bid/1026/info
ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening single quote (backquote) character ( ` ) is taken as a path to a file for inclusion, for example:
some_parameter: `var/htdig/some_file`
htdig will also allow included files to be specified via form input. Therefore, any file can be specified for inclusion into a variable by any web user.
The URL:
http ://target/cgi-bin/htsearch?Exclude=%60/etc/passwd%60
will return a page with the contents of /etc/passwd in the 'exclude' field.
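
To check whether a server has received requests of this form, the access log can be searched for htsearch parameters whose value is wrapped in backquotes. The Python below is an added example, not part of the original advisory; it assumes Common Log Format, and the sample log lines and helper names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A value wrapped in backquotes is what ht://dig treats as a file to include.
INCLUDE_RE = re.compile(r"`([^`]*)`")


def backquoted_params(target):
    """Return [(param, path)] for htsearch parameters carrying `path` values."""
    parts = urlsplit(target)
    if not parts.path.endswith("/htsearch"):
        return []
    hits = []
    # parse_qsl percent-decodes, so %60 and a literal backquote look the same.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        for path in INCLUDE_RE.findall(value):
            hits.append((name, path))
    return hits


def scan(lines):
    """Yield (client, param, path) for each log line requesting an inclusion."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client = line.split(" ", 1)[0]
        for name, path in backquoted_params(m.group("target")):
            yield client, name, path


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2000:10:00:00 +0000] "GET /cgi-bin/htsearch?words=linux HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Mar/2000:10:00:05 +0000] "GET /cgi-bin/htsearch?Exclude=%60/etc/passwd%60 HTTP/1.0" 200 2048',
    '192.0.2.10 - - [01/Mar/2000:10:00:09 +0000] "GET /index.html?q=%60x%60 HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for client, name, path in scan(SAMPLE_LOG):
        print(f"{client} requested file inclusion via {name}: {path}")
```

Form input submitted by POST does not appear in the access log's request line, so this check covers parameters passed in the URL only.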