Security Basics mailing list archives
Coldfusion Path Disclosure Vulnerability, Help Required
From: Maverick The Techie <seclists4maverick () gmail com>
Date: Sat, 26 Feb 2005 03:18:04 +0530
Respected Members,

A few days ago, when I was doing a routine scan of my brother's website to find vulnerabilities, Nikto reported this vulnerability:

"nul..dbm - ColdFusion 5.0 and below, 4.0-5.0 reveal file system paths of .cfm or .dbm files when the request contains invalid DOS devices."

I checked the Bugtraq archives for more info on this and found the following:

"Certain Requests for certain DOS-devices are parsed by the isapi filter that handles .cfm and .dbm and result in error messages containing the physical path to the web root."

When I tried the above vulnerability and requested a nul.dbm file on the website, I got the following, which indeed revealed the path to the web root. Here is what I saw (I changed the name of the site to protect private info):

The requested file "F:\webcorp\acme.com\nul.dbm" cannot be found.
The specific sequence of files included or processed is: F:\webcorp\acme.com\nul.dbm

Bugtraq says that this is called an input validation error and is very critical and must be patched.

What I wanted to know is how this vulnerability can result in more harm. I mean, after exploiting it, all I got to know is the path and nothing else. At this point, how can an attacker really exploit this vulnerability and gain access to the website or deface it? In short, how is it possible for an attacker to compromise the server or deface the site when only the physical path is known?

Any responses with exploit examples would be highly appreciated, as that would help me test the exploit and prove that this is indeed a red alert sign and should be patched immediately.

Thanking you,
Maverick_12210
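For a site owner triaging the finding described in the post above, here is an added detection example (not part of the original post, Nikto, or ColdFusion): it flags requests for DOS device names with a .cfm or .dbm extension in a web log and extracts any filesystem path leaked in a response body. The function names and the log line layout are assumptions made for illustration; the device list is the standard set of Windows reserved names, of which the post shows only "nul".

```python
import re
from urllib.parse import unquote

# Reserved DOS device names on Windows; the post itself only shows "nul".
DOS_DEVICES = {"con", "prn", "aux", "nul"}
DOS_DEVICES |= {f"{p}{i}" for p in ("com", "lpt") for i in range(1, 10)}
CF_EXTENSIONS = {"cfm", "dbm"}  # extensions named in the Nikto finding

# A drive-letter path such as F:\webcorp\acme.com\nul.dbm
WIN_PATH = re.compile(r'\b[A-Za-z]:\\[^\s"<>|*?]+')

def is_device_probe(url_path):
    """True when the last URL segment is <DOS device>.cfm or <DOS device>.dbm."""
    leaf = unquote(url_path).split("?", 1)[0].replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = leaf.lower().rpartition(".")
    return bool(dot) and ext in CF_EXTENSIONS and stem in DOS_DEVICES

def leaked_paths(body):
    """Distinct Windows filesystem paths that appear in a response body."""
    return sorted(set(WIN_PATH.findall(body)))

def scan_log(lines):
    """Return (client, path) for each request that matches the probe pattern.
    Assumed line layout (constructed): date time client method path status."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 6 and is_device_probe(fields[4]):
            hits.append((fields[2], fields[4]))
    return hits

# Constructed sample data; the error text is the one quoted in the post.
SAMPLE_LOG = [
    "2005-02-26 03:18:04 192.0.2.10 GET /index.cfm 200",
    "2005-02-26 03:18:09 192.0.2.10 GET /nul.dbm 200",
    "2005-02-26 03:18:11 192.0.2.10 GET /app/AUX.cfm?x=1 200",
    "2005-02-26 03:19:40 198.51.100.7 GET /annul.dbm 404",
]
SAMPLE_BODY = ('The requested file "F:\\webcorp\\acme.com\\nul.dbm" cannot be found. '
               'The specific sequence of files included or processed is: '
               'F:\\webcorp\\acme.com\\nul.dbm')

if __name__ == "__main__":
    for client, path in scan_log(SAMPLE_LOG):
        print("device-name request:", client, path)
    for p in leaked_paths(SAMPLE_BODY):
        print("path disclosed in response:", p)
```

Running `leaked_paths` over responses captured after patching gives a quick regression check that the error page no longer exposes the web root.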