Exploit Database - Logo

Inktomi Search Software 3.0 - Source Disclosure

EDB-ID: 20467 Author: china nsl Published: 2000-12-05
CVE: N/A Type: Remote Platform: Multiple
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/2061/info


A vulnerability exists in version 3.0 of Ultrseek server (aka Inktomi Search).

Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:

http://target:8765/somefile.html/

will return the source to 'somefile.html'.

As a result, it is possible for an attacker to obtain source code to any Ultraseek scripts, which could be used to support further attacks.
« Previous Exploit Next Exploit »

Related Exploits

Trying to match OSVDBs (1): 88576
Other Possible E-DB Search Terms: Inktomi Search Software 3.0,  Inktomi Search Software
Date D V Title Author
2000-12-05 Verified Inktomi Search Software 3.0 - Information Disclosurechina nsl
Menu