Moreover.com CGI File Disclosure Vulnerability
BID:1762
Info
Moreover.com CGI File Disclosure Vulnerability
| Bugtraq ID: | 1762 |
| Class: | Input Validation Error |
| CVE: |
CVE-2000-0906 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 02 2000 12:00AM |
| Updated: | Jun 01 2007 02:51AM |
| Credit: | This vulnerability was originally reported to bugtraq by CDI <[email protected]> on Mon, 2 Oct 2000. |
| Vulnerable: |
Moreover CGI script 0 |
| Not Vulnerable: | |
Discussion
Moreover.com CGI File Disclosure Vulnerability
The 'cached_feed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtain_file' function, designed to return the contents of a specified file for display in the browser, fails to adequately filter ".." character sequences in user-supplied input. As a result, a carefully formed URL that is submitted to the script can result in the disclosure of files (readable by HTTP user) outside of the CGI script's "allowed" area.
Version 1.0 of the product is affected. The vendor repaired the script and released version 2.0 before this vulnerability was published.
The 'cached_feed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtain_file' function, designed to return the contents of a specified file for display in the browser, fails to adequately filter ".." character sequences in user-supplied input. As a result, a carefully formed URL that is submitted to the script can result in the disclosure of files (readable by HTTP user) outside of the CGI script's "allowed" area.
Version 1.0 of the product is affected. The vendor repaired the script and released version 2.0 before this vulnerability was published.
Exploit / POC
Moreover.com CGI File Disclosure Vulnerability
The following proof-of-concept URI is available:
http://www.example.com/cgi-bin/cached_feed.cgi?../../../.+/etc/passwd
The following proof-of-concept URI is available:
http://www.example.com/cgi-bin/cached_feed.cgi?../../../.+/etc/passwd
Solution / Fix
Moreover.com CGI File Disclosure Vulnerability
Solution:
The vendor has repaired this script. Download the new version (v2.0) at:
http://w.moreover.com/dev/cache/
Solution:
The vendor has repaired this script. Download the new version (v2.0) at:
http://w.moreover.com/dev/cache/