IBM Net.Data 7.0 - Full Path Disclosure

EDB-ID:

20441

CVE:

2000-1110

EDB Verified:

Author:

Chad Kalmes

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2000-11-29

Vulnerable App: 
source: https://www.securityfocus.com/bid/2017/info

IBM Net.Data is a scripting language used to create web applications, it supports a wide range of language environments and is compatible with most recognized databases.

Net.Data contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, comprised of an invalid request and known database, will reveal the physical path of server files.

Successful exploitation of this vulnerability could assist in further attacks against the victim host. 

http://target/cgi-bin/db2www/library/document.d2w/show

DTWP029E: Net.Data is unable to locate the HTML block SHOW in file /projects/www/netdata/macro/software/library/document.d2w.
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services