According to its website, Miva (htmlscript 3.0) "is an HTML based web
development language which provides the power of scripting via new,
easy-to-use tags."
The exploit:
http://www.vulnerable.server.com/cgi-bin/htmlscript?../../../../etc/passwd
I suppose the number of ..s will depend on the location of the cgi program.
I glanced through their configuration file and it has a variable called
'htmlscriptroot' in it. Since you would apparently get an error if this
were not set, I don't think setting it resolves the problem.
I did not discover this exploit, and I have no previous experience with
htmlscript. The individual who reported it to me wishes to remain
anonymous. They confirmed the problem on at least one other server using
the cgi. Please do not email me about this problem.
-- pity this busy monster, manunkind, | Dennis Moore | Sarah not. Progress is a comfortable disease. | rainking@frenzy.com | McLachlan -e.e. cummings: One Times One | archon on the irc | "Black" If I cried me a river of all my confessions would I drown in my shallow regret?