TinyWeb Lets Remote Users Download CGI Scripts
|
|
SecurityTracker Alert ID: 1010346
|
|
SecurityTracker URL: http://securitytracker.com/id?1010346
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: May 30 2004
|
Impact: Disclosure of user information
|
Exploit Included: Yes
|
Advisory: Global Security Solution IT (GSSIT)
|
Version(s): 1.92
|
Description: Ziv Kamir of Global Security Solution IT reported a vulnerability in TinyWeb. A remote user can download cgi scripts.
It is reported that a remote user can submit a specially crafted HTTP GET request to download scripts from the cgi-bin directory.
A demonstration exploit request is of the following form:
/cgi-bin/./[Script Name]
The vendor was reportedly notified on
May 26, 2004.
|
Impact: A remote user can download CGI scripts from the cgi-bin directory.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.ritlabs.com/tinyweb/index.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Windows (Any)
|
Reported By: GSS IT <gss_it@yahoo.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Sun, 30 May 2004 02:57:46 -0700 (PDT)
From: GSS IT <gss_it@yahoo.com>
Subject: TinyWeb 1.92
|
This is a multi-part message in MIME format.
--------------010305010700040201070600
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
------------------------------------------------------------------------
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger
<http://messenger.yahoo.com/>
--------------010305010700040201070600
Content-Type: text/plain;
name="TinyWeb.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="TinyWeb.txt"
30/05/04
====================================
GSSIT - Global Security Solution IT
====================================
-------------------------------------------------------
Application: TinyWEB Server
Web Site: http://www.ritlabs.com/tinyweb/
Versions: 1.92
Platform: Windows
Credits:
########
#########################################
# == Ziv Kamir == #
# #
# GSSIT - Global Security Solution IT #
# #
# Email : gss_it@yahoo.com #
# #
# #
#########################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
================
1) Introduction
================
TinyWeb is extremely small (executable file size is 53K), simple (no configuration other than through
the command line) and fast (consumes
minimum of system resources) Win32 daemon for regular (TCP/http) and secure (SSL/TLS/https) web serv
ers.
=======
2) Bug
=======
Download Scripts from /cgi-bin/ Folder.
===========
3) The Code
===========
Remote user can issue an HTTP GET request for /cgi-bin/./[Script Name] To download it.
======
4) Fix
======
Date of Vendor Notification:
----------------------------
26 / 05 / 04
Response:
---------
==============================================================================================
*** The Data is for educational purpose only. ***
The information in this bulletin is provided "AS IS" without
warranty of any kind. In no event shall we be liable for any
damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages.
==============================================================================================
--------------010305010700040201070600--
|
|
