
Webpage.cgi - view environment variables
Vulnerability

    webpage.cgi

Affected

    webpage.cgi

Description

    'UkR-XblP' found the following.  The script allows several
    environment variables to be viewed by the attacker, who can gain
    useful information on the site, making further attacks more
    feasible.

    webpage.cgi dumps useful information (e.g. script location, HTTP
    root, version of Perl, server_admin, server_name, path) to the
    browser when the database file provided is incorrect.

    If the site does not contain a file named ukr.htm, the following
    URL displays the environment dump (note: this URL may not work, as
    the vendor has applied the patch to the site.  However, a similar
    URL, with the necessary modifications, applied to an unprotected
    site would yield the desired result).  Exploit:

        http://www.victim.org/cgi-bin/replicator/webpage.cgi/313373/ukr.htm

Solution

    Nothing yet.
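
The failure mode described above, as an added example rather than code from webpage.cgi or its vendor: an error path that dumps the CGI environment, next to one that returns a generic page and keeps the detail in the server log, plus a check to run over a captured error page. The function names, the mapping of the advisory's items to CGI variable names, and the sample environment are assumptions constructed for illustration.

```python
import html
import logging
import uuid

log = logging.getLogger("webpage_cgi_example")

# Assumed CGI variable names for the items the advisory lists.
SENSITIVE = ("SCRIPT_FILENAME", "DOCUMENT_ROOT", "SERVER_ADMIN", "SERVER_NAME", "PATH")

# Constructed sample environment; not taken from any real site.
SAMPLE_ENV = {
    "SCRIPT_FILENAME": "/var/www/cgi-bin/replicator/webpage.cgi",
    "DOCUMENT_ROOT": "/var/www/html",
    "SERVER_ADMIN": "webmaster@example.org",
    "SERVER_NAME": "www.example.org",
    "PATH": "/usr/local/bin:/usr/bin:/bin",
}


def error_page_vulnerable(env, missing):
    """Behaviour the advisory describes: a bad database file yields an environment dump."""
    rows = "".join(f"{html.escape(k)} = {html.escape(v)}<br>\n" for k, v in sorted(env.items()))
    return f"<h1>Cannot open {html.escape(missing)}</h1>\n{rows}"


def error_page_hardened(env, missing):
    """Generic body for the client; the detail goes to the server log under an incident id."""
    incident = uuid.uuid4().hex[:8]
    log.error("incident %s: cannot open %r (script %s)", incident, missing, env.get("SCRIPT_FILENAME"))
    return f"<h1>Not found</h1>\n<p>Reference: {incident}</p>"


def leaked_variables(body, env):
    """Return the sensitive variables whose values appear in a response body."""
    found = []
    for name in SENSITIVE:
        value = env.get(name)
        # Match the raw value and its HTML-escaped form, since error pages may escape output.
        if value and (value in body or html.escape(value) in body):
            found.append(name)
    return found


if __name__ == "__main__":
    for render in (error_page_vulnerable, error_page_hardened):
        print(render.__name__, leaked_variables(render(SAMPLE_ENV, "ukr.htm"), SAMPLE_ENV))
```

leaked_variables() can serve as a regression check: feed it the body your own server returns for a nonexistent database file and fail the build if the list is not empty.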
