Armada Master Index Path Traversal Vulnerability
BID:1772
Info
| Bugtraq ID: | 1772 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 18 2000 12:00AM |
| Updated: | Jul 18 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on Mon, 09 Oct 2000 by pestilence <[email protected]>. |
| Vulnerable: | Armada Design Master Index 1.0 |
| Not Vulnerable: | |
Discussion
Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability: a remote user may 'back out' (../) of the web root directory and view or download any file that the user running Master Index has permission to read.
Exploit / POC
From the message to Bugtraq which detailed this issue (the message is included in its entirety in the 'Credit' section of this vulnerability entry):
Example:
http://www.target.com/cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../.. ../../etc
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
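With no vendor patch listed, requests of the form shown in the Exploit / POC section can at least be spotted in web server logs. The following is an added example, not part of the original advisory or the vendor's code: it flags search.cgi requests whose catigory value contains a '..' segment or an absolute path after decoding. The log lines are constructed, and the Common Log Format layout is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script name and parameter name as they appear in the advisory's example request.
CGI_SUFFIX = "/search.cgi"
PARAM = "catigory"
# Assumption: access logs are in Common Log Format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Oct/2000:10:00:01 +0000] "GET /cgi-bin/search/search.cgi?keys=perl&prc=any&catigory=docs/manuals HTTP/1.0" 200 5120',
    '192.0.2.44 - - [09/Oct/2000:10:02:13 +0000] "GET /cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../etc HTTP/1.0" 200 912',
    '192.0.2.44 - - [09/Oct/2000:10:02:40 +0000] "GET /cgi-bin/search/search.cgi?keys=*&prc=any&catigory=%252e%252e%2f%252e%252e%2fetc HTTP/1.0" 200 912',
    '192.0.2.77 - - [09/Oct/2000:10:05:00 +0000] "GET /index.html?catigory=../x HTTP/1.0" 200 100',
]

def has_traversal(value):
    """True if value contains a '..' path segment or is an absolute path."""
    for _ in range(3):  # undo up to three extra layers of percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    segments = [s.strip() for s in value.replace("\\", "/").split("/")]
    return value.startswith("/") or ".." in segments

def flag_requests(log_lines):
    """Return (line_number, value) for each search.cgi request that traverses."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(CGI_SUFFIX):
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == PARAM and has_traversal(val):
                hits.append((n, val))  # val is the value after one URL-decode
    return hits

if __name__ == "__main__":
    for line_no, value in flag_requests(SAMPLE_LOG):
        print(f"line {line_no}: suspicious {PARAM} value {value!r}")
```

The same `has_traversal` check can be applied in a front-end filter to reject such requests before they reach the script.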