BNCweb File Disclosure Vulnerability

[Matthias Bethke <matthias.bethke () gmx net>]

BNCweb is a set of CGI scripts developed at the University of Zürich as a user-friendly query interface to the British 
National Corpus. It allows linguists to retrieve lexical, grammatical and textual data from this 100 million word 
collection of english texts using a web browser. For more information see http://homepage.mac.com/bncweb/home.html

BNCweb has been found prone to a file dicsclosure vulnerability that allows attackers to read any file accessible to 
the CGI user (typically "wwwrun") anywhere in the server's file systems by supplying a trivially manipulated URL to the 
query script. This includes web web server and system password files, opening the door for further compromises. 
However, exploitation requires access to the script itself, which in a correctly installed system is protected by the 
web server's access control mechanism, thus only registered users are able to carry out an attack.

The reason for this vulnerability is a piece of obsolete code left over from a development version. As a quick fix, the 
author suggests removing lines 23 to 25 in the BNCquery.pl script. This has no effect on the script's normal 
functionality.