Talentsoft Web+ Source Code Disclosure Vulnerability
BID:1722
Info
Talentsoft Web+ Source Code Disclosure Vulnerability
| Bugtraq ID: | 1722 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Sep 27 2000 12:00AM |
| Updated: | Sep 27 2000 12:00AM |
| Credit: | Discovered by Delphis <[email protected]> and posted in a Delphis security advisory <DST2K0032> on Sep 27, 2000 |
| Vulnerable: |
TalentSoft Web+ Server 4.6 TalentSoft Web+ Monitor 4.6 TalentSoft Web+ Client 4.6 |
| Not Vulnerable: | |
Discussion
Talentsoft Web+ Source Code Disclosure Vulnerability
Talentsoft Web+ is a web application server that can be integrated with various web technologies.
Web+ can be used to display the source code of WML files residing on an NTFS parition by appending certain data to the known WML file. This vulnerability is also known to work if the scripts directory is set to the web root which enables the disclosure of other script (eg. ASP files) source code.
Successful exploitation of this vulnerability may reveal source code, table names, usernames, passwords, and other forms of confidential data.
Talentsoft Web+ is a web application server that can be integrated with various web technologies.
Web+ can be used to display the source code of WML files residing on an NTFS parition by appending certain data to the known WML file. This vulnerability is also known to work if the scripts directory is set to the web root which enables the disclosure of other script (eg. ASP files) source code.
Successful exploitation of this vulnerability may reveal source code, table names, usernames, passwords, and other forms of confidential data.
Exploit / POC
Talentsoft Web+ Source Code Disclosure Vulnerability
http://target/cgi-bin/webplus.exe?script=test.wml::$DATA
http://target/cgi-bin/webplus.exe?script=test.wml::$DATA
Solution / Fix
Talentsoft Web+ Source Code Disclosure Vulnerability
Solution:
Talensoft has addressed this issue:
"You require build 542 (to fully disable the parsing of ::$DATA requires using a newly rebuilt webplus.dll in addition to the use of build 542 of webpsvc.exe web+ server)). If you have any issues obtaining this patch please contact Talentsoft support."
Solution:
Talensoft has addressed this issue:
"You require build 542 (to fully disable the parsing of ::$DATA requires using a newly rebuilt webplus.dll in addition to the use of build 542 of webpsvc.exe web+ server)). If you have any issues obtaining this patch please contact Talentsoft support."