Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Adminware, Control Panels :: countc~2.txt

Count CGI hole - view any GIF on the host

From: Razvan Dragomirescu <>
Subject:      Security flaw in Count.cgi (wwwcount)
Status: RO

Hash: SHA1

Hi all,

I have found a vulnerability in Muhammad A. Muquit's wwwcount version 2.3
which allows remote users to read any GIF file on the server, regardless
of HTTP permissions set. The file must be readable by the user running the
HTTP server and it can be anywhere on the disk (not only under the
HTTP daemon's document root directory)

It appears that the bug is present ONLY in version 2.3. Older versions do
not have it.

Here's how it works:

Using an URL like
you can see (and download) any GIF image on the server.

You can't use this to download other file types because the program
checks the file format.

The use for this is not yet very clear, but some companies might have
sensitive information in GIF files (charts, drafts etc.). And of course,
this is heaven for XXX site hunters who can bypass user-level
authentication and download the image if they know the name and the path.

And one more thing. A search on AltaVista for "Count.cgi" returned about
200.000 matches. I do not know how many of them were versions 2.3.... but
even 50.000 vulnerable computers do not make me feel comfortable.

Be good.

P.S. You can find information about wwwcount at

- --
Razvan Dragomirescu
Phone: +40-1-6866621
"Smile, tomorrow will be worse" (Murphy)

Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH