Cosmicperl Directory Pro 2.0 - Arbitrary File Disclosure

EDB-ID:

20887


Author:

Marshal

Type:

remote


Platform:

CGI

Date:

2001-05-28


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/2793/info

Webdirectory Pro is a web application used to create a searchable directory of links developed by Cosmicperl.

Webdirectory Pro contains an input validation vulnerability which may lead to disclosure of sensitive information to attackers. The value of the 'show' variable is not properly validated and can be used to force 'directorypro.cgi' to output the contents of an arbitrary webserver-readable file to a remote attacker.

This is due to a lack of checks for NULL bytes in user-supplied data. 

Submit a request such as this to a vulnerable webserver:

http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/motd%00

This will result in the contents of '/etc/motd' being output.