
Stronghold secure webserver sample script path disclosure
22nd May 2002 [SBWID-5360]
COMMAND

	Stronghold secure webserver sample script path disclosure

SYSTEMS AFFECTED

	Stronghold 3.0 (and possibly other versions)

PROBLEM

	From the advisory by Tamer Sahin of securityoffice
	[http://www.securityoffice.net]:
	

	Any user can send a request to the Stronghold sample script 'swish',
	causing it to reveal the full path to the webroot. In some cases swish
	will display system-specific information in the HTML source code.
	

	http://host/cgi-bin/search
	

	=======================SNIP========================
	<HTML>
	<HEAD>
	<TITLE>Welcome to Stronghold!</TITLE>
	</HEAD>

	<BODY BGCOLOR="#FFFFFF" TEXT="#000000" VLINK="#FF0000"
	LINK="#0000FF">

	<H1 ALIGN=CENTER>Search Stronghold Documentation</H1>
	<hr><form method="POST" action="/cgi-bin/search">
	This is a searchable index of information.<br>
	<b>Note:</b> <i>This service can only be used from a forms-capable
	browser.</i><p>
	Enter keyword(s): <input type=text name="keywords" value="" size=30>
	<input type=submit value="  Search  ">
	<input type=reset value="  Reset  ">
	<p>
	<input type=hidden name=message value="If you can see this, then your
	browser can't support hidden fields.">
	<input type=hidden name=source value="manual.swish">
	(!) <input type=hidden name=sourcedir
	value="/home/ts/stronghold/swish/"> (!)
	<input type=hidden name=maxhits value="40">
	<input type=hidden name=sorttype value="score">
	<input type=hidden name=host value="">
	<input type=hidden name=port value="">
	<input type=hidden name=searchprog value="swish">
	<input type=hidden name=iconurl value="/icons">
	<input type=hidden name=useicons value="yes">
	</form><hr>
	=======================SNIP========================
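	As an added defender-side check, not part of the advisory or of Stronghold: a small Python auditor that parses an HTML response from one's own server and reports hidden form fields whose values look like server filesystem paths, the pattern the sourcedir field above exhibits. The path heuristic (common Unix root directories plus Windows drive letters) and the trimmed sample form are constructed for this example.

```python
# Added example (not from the advisory): flag hidden <input> fields whose
# value looks like an absolute filesystem path on the server, as the
# Stronghold sample search form leaks in its "sourcedir" field.
import re
from html.parser import HTMLParser

# Constructed heuristic: Unix paths under common root directories, or a
# Windows drive path. URL paths such as "/icons" are deliberately not matched.
PATH_RE = re.compile(
    r"^(?:/(?:home|usr|var|opt|etc|srv|root|tmp)/\S*|[A-Za-z]:\\\S*)$"
)


class HiddenFieldAuditor(HTMLParser):
    """Collect (name, value) for every hidden input with a path-like value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("type", "").lower() != "hidden":
            return
        value = a.get("value", "")
        if PATH_RE.match(value):
            self.findings.append((a.get("name", ""), value))


def find_leaked_paths(html):
    """Return [(field_name, path), ...] for hidden fields exposing paths."""
    parser = HiddenFieldAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a trimmed copy of the form shown in the advisory.
SAMPLE = """<form method="POST" action="/cgi-bin/search">
<input type=hidden name=source value="manual.swish">
<input type=hidden name=sourcedir value="/home/ts/stronghold/swish/">
<input type=hidden name=iconurl value="/icons">
<input type=hidden name=searchprog value="swish">
</form>"""

if __name__ == "__main__":
    for name, path in find_leaked_paths(SAMPLE):
        print(f"hidden field '{name}' exposes server path: {path}")
```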

	

	

SOLUTION

	??
