Chili!Soft ASP Sample Scripts Directory Traversal Vulnerability
BID:2407
Info
| Bugtraq ID: | 2407 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 20 2001 12:00AM |
| Updated: | Feb 20 2001 12:00AM |
| Credit: | Reported to bugtraq by Stan Bubrouski <[email protected]> on Feb 21, 2001. |
| Vulnerable: | Chilisoft ChiliSoft ASP for Linux 3.5.2; Chilisoft ChiliSoft ASP for Linux 3.5; Chilisoft ChiliSoft ASP for Linux 3.0 |
| Not Vulnerable: | |
Discussion
Chili!Soft ASP contains sample scripts which are vulnerable to a directory traversal attack.
By including '/../' sequences in requests submitted to the vulnerable scripts, a remote attacker can force the script to read and display the contents of files outside the normal directory tree. This can permit the attacker to read files from the /opt/casp directory, including those containing sensitive information such as database usernames/passwords, server logs, and the admin interface username/password.
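The containment check that a file-displaying script needs, shown beside the unchecked join, as an added example (not Chili!Soft's code and not part of the original advisory). The `/opt/casp/samples` root and the requested file names are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumption: the advisory names only /opt/casp; this samples directory is hypothetical.
SAMPLE_ROOT = "/opt/casp/samples"


def naive_resolve(requested: str) -> str:
    """Vulnerable pattern: the request value is joined onto the base directory unchecked."""
    return posixpath.normpath(posixpath.join(SAMPLE_ROOT, requested))


def safe_resolve(requested: str) -> str:
    """Return a path confined to SAMPLE_ROOT, or raise ValueError."""
    # Undo nested percent-encoding first, so "%252e%252e" is judged as "..".
    decoded = requested
    for _ in range(5):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once
    else:
        raise ValueError("too many layers of percent-encoding")
    if "\x00" in decoded:
        raise ValueError("NUL byte in file name")
    # Treat backslashes as separators so "..\\" gets no special pass.
    decoded = decoded.replace("\\", "/")
    # Collapse "." and ".." lexically, then require the result to stay under the root.
    # The trailing "/" in the prefix test keeps /opt/casp/samples-old from matching.
    candidate = posixpath.normpath(posixpath.join(SAMPLE_ROOT, decoded))
    if candidate != SAMPLE_ROOT and not candidate.startswith(SAMPLE_ROOT + "/"):
        raise ValueError(f"path escapes {SAMPLE_ROOT}: {candidate}")
    # On a live filesystem, also compare os.path.realpath() results so symlinks are resolved.
    return candidate


if __name__ == "__main__":
    # Constructed request values, not taken from the advisory.
    for value in ["forms/hello.asp", "../logs/server.log", "%252e%252e/logs/server.log"]:
        print("naive:", naive_resolve(value))
        try:
            print("safe: ", safe_resolve(value))
        except ValueError as err:
            print("safe:  rejected,", err)
```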
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].