Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: pagelog1.htm

Pagelog.cgi Directory traversal vulnerability





    Mark Stratman found following. There is a small bug in PAGELOG.cgi
    by Metertek which allows users to create and view files.  Any file
    on the system with a  '.log' extension readable by the  uid/gid of
    the  webserver  can  be  viewed.   In  addition,  two  files  with
    extensions of '.txt'  and '.log' can  be created in  any directory
    on the system that is writable  by the web server.  This  bug lies
    in the failure of the script to check for directory traversal.

    Proofs of concept:

    Viewing '.log' file:
    - Create a file 'a.log' in tmp.
    - http://server/cgi-bin/pagelog.cgi?display=../../../../tmp/a
    - This will let you view a.log
    Creating files:
    - http://server/cgi-bin/pagelog.cgi?name=../../../../../tmp/blah
    - This will create blah.txt and blah.log in /tmp/


    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH