Vulnerability Development mailing list archives

Re: texis(CGI) Path Disclosure Vulnerability

From: zeno <bugtraq () cgisecurity net>
Date: Wed, 6 Feb 2002 09:34:18 -0500 (EST)


Advisory:      texis(CGI) Path Disclosure Vulnerability
Application:   Thunderstone's texis(CGI)
Release Date:  02.05.02
Severity:      Any user can send an invalid path to texis(CGI)
            causing it to reveal the full path to the webroot.
               In some cases texis will display system specific
               information(OS, processor type).
Vendor Status: ThunderStone was contacted and has not responded since Jan.29.02



I was also non related working on this problem. Another thing to add is that
if you add a extention of .txt to the end of a filename it displays
the file in txt format rather then html. 

http://hotfiles.zdnet.com/cgi-bin/texis/.txt


Trying 205.181.112.68...
Connected to hotfiles.zdnet.com.
Escape character is '^]'.
GET /cgi-bin/texis/.txt HTTP/1.0

HTTP/1.1 200 OK
Date: Wed, 06 Feb 2002 14:46:23 GMT
Server: Apache/1.3.11 (Unix)
Connection: close
Content-Type: text/plain



Figured I'd add it since i no longer need to work on this any longer.

- zeno () cgisecurity com

Current thread:

texis(CGI) Path Disclosure Vulnerability - phinegeek - (Feb 05)
- <Possible follow-ups>
- Re: texis(CGI) Path Disclosure Vulnerability zeno (Feb 06)
- Re: texis(CGI) Path Disclosure Vulnerability mark-bugtraq (Feb 11)