HC's Capture the Flag website
CTF Contests
25C3-CTF
25C3-CTF final results
Advisory #89
From team WiiPhonies
New advisory by : John_K
Affected service(s): CGIBAS
Severity [lmh] : high
===== Problem =====
Use CGIBASE upload.bas to overwrite a script file at an absolute path that is writable by www-data
===== Impact =====
Any file writable by www-data can be overwritten
===== Fix =====
make sure all script files are not writable by www-data
Rating
[1] not exactly new (see adv sumthin from sq), but extend of bug is now realized