HC's Capture the Flag website
25C3-CTF
Advisory #38
From team KEVA
New advisory by : slashd
Affected service(s): cgbas
Severity [lmh] : medium
===== Problem =====
We can access the source code of the files stored in /cgi/ on port 81, as the configuration allows it.
===== Impact =====
Source code disclosure of the cgi directory files. Stealing patches, bugs, etc :)
===== Fix =====
Create a .htaccess file in the /cgi directory containing directives that deny all read access from users.
Rating
[0] too late - see advisory 25