SurgeLDAP User.CGI Directory Traversal Vulnerability
BID:10103
Info
SurgeLDAP User.CGI Directory Traversal Vulnerability
| Bugtraq ID: | 10103 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2004 12:00AM |
| Updated: | Apr 12 2004 12:00AM |
| Credit: | Discovery is credited to Dr_insane. |
| Vulnerable: |
NetWin SurgeLDAP 1.0 g NetWin SurgeLDAP 1.0 e NetWin SurgeLDAP 1.0 d |
| Not Vulnerable: | |
Discussion
SurgeLDAP User.CGI Directory Traversal Vulnerability
SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files.
A remote attacker could exploit this issue to gain access to system files outside of the web root directory of the built-in web server. Files that are readable by the web server could be disclosed via this issue.
SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files.
A remote attacker could exploit this issue to gain access to system files outside of the web root directory of the built-in web server. Files that are readable by the web server could be disclosed via this issue.
Exploit / POC
SurgeLDAP User.CGI Directory Traversal Vulnerability
This issue may be exploited with a web browser. The following example was provided:
http://www.example.com:6680/user.cgi?cmd=show&page=/../../../boot.ini
This issue may be exploited with a web browser. The following example was provided:
http://www.example.com:6680/user.cgi?cmd=show&page=/../../../boot.ini
Solution / Fix
SurgeLDAP User.CGI Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SurgeLDAP User.CGI Directory Traversal Vulnerability
References:
References:
- SurgeLDAP 1.0g Web service user.cgi File retrieval (Dr_insane)
- SurgeLDAP Homepage (NetWin)