filetype:cgi inurl:tseekdir.cgi

GHDB-ID:

492

Author:

anonymous

Google Dork Description:

filetype:cgi inurl:tseekdir.cgi

The Turbo Seek search engine has a vulnerability. The removed user can look at the contents of files on target. A removed user can request an URL with name of a file, which follows NULL byte (%00) to force system to display the contents of a required file, for example:/cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00/cgi-bin/tseekdir.cgi?id=799*location=/etc/passwd%00 More: http://www.securitytracker.com/alerts/2004/Sep/1011221.html