Vulnerability

    Ultraseek

Affected

    Ultraseek Server 3.0

Description

    Following is based on a CHINANSL Security Advisory CSA-200012.
    CHINANSL security team has found a security problem in Ultraseek
    Server 3.0. It is possible for a malicious user to obtain the
    absolute path and the source code of Ultraseek Server addons.

    Ultraseek Server includes an interpreter that interprets script
    files and executes the corresponding functions, but a bug in
    Ultraseek Server allows these script files to be exploited.

    (1) Run arbitrary command:

        http://target:8765/null.html

    Ultraseek Server will return the path where Ultraseek Server is
    installed and other information.

    (2) The content of source code files can be obtained with this
    bug too:

        http://target:8765/index.html/

    Ultraseek Server will return the content of index.html and other
    source code that works for Ultraseek Server. Sample:

        http://www.sun.com.cn:8765/index.html/

Solution

    Nothing yet.
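Detection

    With no fix available, access logs can be checked for the request
    shape in item (2), a page file name followed by a slash. The script
    below is an added example, not part of the advisory or of Ultraseek.
    It assumes Common Log Format style request fields and an .html/.htm
    extension list, and its log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: the request is logged Common Log Format style, "GET /path HTTP/1.0".
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A page file name (.html/.htm, an assumed list) followed by "/" and anything.
FILE_THEN_SLASH_RE = re.compile(r'/[^/]+\.html?/', re.IGNORECASE)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Jan/2001:10:00:05 +0000] "GET /index.html/ HTTP/1.0" 200 18230',
    '192.0.2.10 - - [01/Jan/2001:10:00:09 +0000] "GET /query.html?qt=a/b HTTP/1.0" 200 900',
    '198.51.100.7 - - [01/Jan/2001:10:00:12 +0000] "GET /index.html%2F HTTP/1.0" 200 18230',
    '192.0.2.10 - - [01/Jan/2001:10:00:20 +0000] "GET /help/ HTTP/1.0" 200 2048',
]


def request_path(target):
    """Return the decoded, slash-normalised path part of a request target."""
    # Drop an absolute-URI prefix (scheme://host:port), then query and fragment.
    target = re.sub(r'^[a-z][a-z0-9+.-]*://[^/]*', '', target, flags=re.IGNORECASE)
    path = target.split('?', 1)[0].split('#', 1)[0]
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    return re.sub(r'/{2,}', '/', path)


def flag_lines(lines):
    """Return (line_number, raw_target) for requests that put "/" after a page file."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and FILE_THEN_SLASH_RE.search(request_path(match.group('target'))):
            hits.append((number, match.group('target')))
    return hits


if __name__ == '__main__':
    for number, target in flag_lines(SAMPLE_LOG):
        print(f'line {number}: slash after page file in request target {target}')
```

    The same path test can run in a reverse proxy in front of port 8765
    to reject such requests before they reach the server.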