TUCoPS :: Web BBS :: etc :: technot2.htm

Technote CGI board - allows arbitrary file download 
Vulnerability

    main.cgi

Affected

    Technote 2000 (maybe 2001)

Description

    Following is based on a Ksecurity Advisory.  Technote is a  famous
    Korean  cgi  board.   In  main.cgi,  there  is failure to properly
    validate user input which arguments a call to open().   FREE_BOARD
    is a default db.

        http://localhost/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi

Solution

    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH