Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: web5360.htm

Stronghold secure webserver sample script path disclosure



22th May 2002 [SBWID-5360]
COMMAND

	Stronghold secure webserver sample script path disclosure

SYSTEMS AFFECTED

	Stronghold 3.0 (And may be other)

PROBLEM

	In  Tamer  Sahin   of   securityoffice   [http://www.securityoffice.net]
	advisory :
	

	Any user can send an request Stronghold sample script \'swish\'  causing
	it to reveal the full path to the webroot.  In  some  cases  swish  will
	display system specific information html source code.
	

	http://host/cgi-bin/search
	

	=======================SNIP========================

	<HTML>

	<HEAD>

	<TITLE>Welcome to Stronghold!</TITLE>

	</HEAD>

	

	<BODY BGCOLOR=\"#FFFFFF\" TEXT=\"#000000\" VLINK=\"#FF0000\"

	LINK=\"#0000FF\">

	

	<H1 ALIGN=CENTER>Search Stronghold Documentation</H1>

	<hr><form method=\"POST\" action=\"/cgi-bin/search\">

	This is a searchable index of information.<br>

	<b>Note:</b> <i>This service can only be used from a forms-capable

	browser.</i><p>

	Enter keyword(s): <input type=text name=\"keywords\" value=\"\" size=30>

	<input type=submit value=\"  Search  \"> 

	<input type=reset value=\"  Reset  \">

	<p>

	<input type=hidden name=message value=\"If you can see this, then your

	browser can\'t support hidden fields.\">

	<input type=hidden name=source value=\"manual.swish\">

	(!) <input type=hidden name=sourcedir

	value=\"/home/ts/stronghold/swish/\"> (!)

	<input type=hidden name=maxhits value=\"40\">

	<input type=hidden name=sorttype value=\"score\">

	<input type=hidden name=host value=\"\">

	<input type=hidden name=port value=\"\">

	<input type=hidden name=searchprog value=\"swish\">

	<input type=hidden name=iconurl value=\"/icons\">

	<input type=hidden name=useicons value=\"yes\">

	</form><hr>

	=======================SNIP========================

	

	

SOLUTION

	??


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH