SecurityTracker.com

SecurityTracker
Archives
Category:   Application (Generic)  >   csFAQ
Vendors:   WWW.CGIscript.NET, LLC
csFAQ Discloses Installation Path to Remote Users
SecurityTracker Alert ID:  1010597
SecurityTracker URL:  http://securitytracker.com/id/1010597
CVE Reference:   CVE-2004-0665
Updated:  Jul 15 2004
Original Entry Date:  Jun 28 2004
Impact:   Disclosure of system information
Exploit Included:  Yes  

Description:   DarkBicho reported a vulnerability in csFAQ. A remote user can determine the installation path.

It is reported that a remote user can supply a specially crafted URL to cause the system to disclose the installation path. A demonstration exploit URL is provided:

http://[target]/cgi-script/csFAQ/csFAQ.cgi?command=viewFAQ&database=/.darkbicho

The vendor has reportedly been notified.

The original advisory is available at:

http://www.swp-zone.org/archivos/advisory-08.txt

Impact:   A remote user can determine the installation path.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=14
Cause:   Access control error, Exception handling error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Full path disclosure csFAQ


http://www.swp-zone.org/archivos/advisory-08.txt

-------------------------------------------------------------------------------------------------

                             :.: Full path disclosure csFAQ :.:

   PROGRAM: csFAQ
   HOMEPAGE: http://www.cgiscript.net/
   BUG: Full path disclosure
   DATE:  23/05/2004
   AUTHOR: DarkBicho
           web: http://www.darkbicho.tk
           team: Security Wari Proyects <www.swp-zone.org>
           Email: darkbicho@peru.com

-------------------------------------------------------------------------------------------------

1.- Affected software description:
     ------------------------------
     csFAQ is an automated system for displaying FAQs (frequently asked
     questions), written by CGI Scripts.

2.- Description:
     ------------
     This vulnerability would allow a remote user to determine the full
     path to the web root directory and other potentially sensitive
     information.


     :.: Examples:

     http://www.attack.com/cgi-script/csFAQ/csFAQ.cgi?command=viewFAQ&database=/.darkbicho


     /www/attack/cgi-script/csFAQ//%2f%2edarkbicho
     Content-type: text/html
     Software error:
     1 at csFAQ.cgi line 1117.

3.- SOLUTION:
     Vendors were contacted many weeks ago and plan to release a fixed
     version soon.
     Check the PHP-NUKE website for updates and official release details.

4.- Greetings:
     ---------

     greetings to my Peruvian group swp, perunderforce and machado ;)
     "PISCO IS AND WILL BE PERUVIAN"

5.- Contact
     -------

     WEB: http://www.darkbicho.tk
     EMAIL: darkbicho@peru.com

-------------------------------------------------------------------------------------------------
                                 ___________      ____________
                                /   _____/  \    /  \______   \
                                \____   \\   \/\/   /|     ___/
                               /         \\        / |    |
                              /_____ __  / \__/\  /  |____|
                              \/       \/
                                 Security Wari Projects
                                   (c) 2002 - 2004
                                     Made in Peru

----------------------------------------[   EOF   ]----------------------------------------------
DarkBicho

Web: http://www.darkbicho.tk

"My only crime is seeing what others cannot see"
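As an added illustration, not code from the advisory or from CGIscript.NET: the error output quoted in the advisory above (a Perl "Software error" carrying the full path) suggests a handler that joins the `database` parameter onto a file path and echoes the raw open error to the client. The Python sketch below shows that weak pattern beside a hardened lookup that allow-lists the name, pins the file under the data directory and returns only generic messages. The data directory, the `.db` suffix and the function names are assumptions.

```python
import re
from pathlib import Path

# Constructed data directory for this example; csFAQ's real layout is not
# known from the advisory, so the path and the ".db" suffix are assumptions.
DATA_DIR = Path("/www/example/cgi-script/csFAQ/data")

# In this design a legitimate FAQ database name is a short plain token.
DB_NAME_RE = re.compile(r"\A[A-Za-z0-9_-]{1,64}\Z")

def log(message):
    """Stand-in for the web server's error log (assumed, not csFAQ's own)."""
    print(message)

def handle_request_weak(database):
    """Weak pattern resembling the reported bug: the parameter is glued onto
    the path and the raw open() error, full path included, becomes the page
    body, as a fatals-to-browser handler would do."""
    path = f"{DATA_DIR}/{database}"
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except OSError as exc:
        return f"Software error: {exc}"  # leaks the installation path

def resolve_database_safe(database):
    """Hardened lookup: allow-list the name, then pin the result under
    DATA_DIR. Returns a Path or None; the Path is never shown to the client."""
    if database is None or not DB_NAME_RE.match(database):
        return None
    candidate = (DATA_DIR / f"{database}.db").resolve()
    # Defence in depth: even after the allow-list, confirm containment.
    if DATA_DIR.resolve() not in candidate.parents:
        return None
    return candidate

def handle_request_safe(database):
    """Client-facing handler: generic messages only; detail stays server-side."""
    path = resolve_database_safe(database)
    if path is None:
        log(f"rejected database parameter: {database!r}")
        return "Invalid request"
    try:
        return path.read_text(encoding="utf-8")
    except OSError as exc:
        log(f"open failed for {path}: {exc}")  # path goes to the log only
        return "FAQ database not available"
```

Run against the advisory's `database=/.darkbicho` value, the weak handler's response contains the data directory path while the hardened handler answers "Invalid request" and writes the detail to the log.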

Copyright 2021, SecurityGlobal.net LLC