Bugtraq mailing list archives
WebSPIRS CGI script "show files" Vulnerability.
From: UkR-XblP <cuctema () OK RU>
Date: Mon, 12 Feb 2001 17:15:48 +0300
-----------UkR security team advisory #1 ------------
WebSPIRS CGI script "show files" Vulnerability.
--------------------------------------------------

Name: WebSPIRS CGI script "show files" Vulnerability.

Date: 27.01.2001

About: WebSPIRS is SilverPlatter's Information Retrieval System for the World Wide Web (WWW). It is a common gateway interface (CGI) application which allows any forms-capable browser, such as Netscape, to search SilverPlatter (SP) Electronic Reference Library (ERL) databases available over the Internet. http://www.silverplatter.com.

Problem: The problem lies in incorrect validation of information submitted by the user's browser, which can show any file on the system where the script is installed.

Author: UkR-XblP

Exploit: www.target.com/cgi-bin/webspirs.cgi?sp.nextform=../../../../../../path/to/file

Affected: all versions of this script
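A defender-side check for the request pattern in the advisory above, as an added example that is not part of the original post or of WebSPIRS: it scans web server access logs for `webspirs.cgi` requests whose `sp.nextform` value resolves outside the directory it is joined to. The Common Log Format, the `search.htm` form name and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SCRIPT = "webspirs.cgi"   # script name from the advisory
PARAM = "sp.nextform"     # parameter name from the advisory
# Request field of a Common Log Format line (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encoding does not hide '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_form_dir(value):
    """True if the value, used as a relative file name, leaves its directory."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v or v.startswith("/"):
        return True
    norm = posixpath.normpath(v)
    return norm == ".." or norm.startswith("../")

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each traversal attempt found."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/" + SCRIPT):
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and escapes_form_dir(val):
                hits.append((n, fully_decode(val)))
    return hits

# Constructed log lines (documentation IP ranges, hypothetical form name).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2001:17:20:01 +0300] "GET /cgi-bin/webspirs.cgi?sp.nextform=search.htm HTTP/1.0" 200 5120',
    '198.51.100.7 - - [12/Feb/2001:17:21:44 +0300] "GET /cgi-bin/webspirs.cgi?sp.nextform=../../../../../../path/to/file HTTP/1.0" 200 912',
    '198.51.100.7 - - [12/Feb/2001:17:22:03 +0300] "GET /cgi-bin/webspirs.cgi?sp.nextform=..%2F..%2Fpath%2Fto%2Ffile HTTP/1.0" 200 912',
    '192.0.2.10 - - [12/Feb/2001:17:23:10 +0300] "GET /index.html?sp.nextform=../x HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for lineno, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: {PARAM} resolves outside the form directory: {value}")
```

The same `escapes_form_dir` test can serve as a request filter in front of the script, rejecting any value it flags before the CGI is invoked.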