Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   Directory Pro (CGI) Vendors:
Directory Pro CGI-based Web Directory Management Tool Lets Remote Users Obtain Files on the Server
SecurityTracker Alert ID:  1001629
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 29 2001
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  

Description:   A vulnerability has been reported in the Directory Pro perl-based web directory management tool that allows remote users to obtain files located outside of the restricted web directory.

A remote user can use the following type of URL to obtain a file on the server (in this case, it is the file /etc/motd):


Impact:   A remote user can obtain files located outside of the restricted web directory.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (NT), Windows (2000)

Message History:   None.

 Source Message Contents

Subject:  directorypro.cgi , directory traversal

cgi-script directorypro.cgi is vulnerable to a directory traversal.


I didn't looked at the source of the script but it is probably a script
wat normally puts an extension to the requested file.
But bij putting the %00 (NULL) character at the end of your request you
bypass this. The extension will be appended but the string is read till
NULL character is found, so before the extension.

Didn't find any report of this bug on securityfocus and google.
And didn't inform vendor because i don't know who it is =)


marshal (la~onda)
[ url  : | security news & links    ]
[ url  :    | security news & exploits ]


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC