[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    Webcom's CGI Guestbook for Win32 web servers
From:       Mnemonix <mnemonix () GLOBALNET ! CO ! UK>
Date:       1999-04-09 19:41:39
[Download RAW message or body]

I reported a while back on Webcom's (www.webcom.se) CGI Guestbook (wguest.exe and \
rguest.exe) having a number of security problems where any text based file on an NT \
machine could be read from the file system provided the attacker knew the path to the \
file and the Anonymous Internet Account (IUSR_MACHINENAME on IIS) has the NTFS read \
right to the file in question. On machines such as Windows 95/98 without local file \
security every file is readable. wguest.exe is used to write to the Guestbook and \
rguest.exe is used to read from the Guestbook

Their latest version has made this simpler: A request for \
http://server/cgi-bin/wguest.exe?template=c:\boot.ini will return the remote Web \
server's boot.ini and \
http://server/cgi-bin/rguest.exe?template=c:\winnt\system32\$winnt$.inf will return \
the $winnt$.inf file.

Why the developers at Webcom have not resolved this issue in their latest version is \
bordering the criminal. I received no response to my mail to them about this. Anybody \
using this Guestbook should remove it as soon as possible and obtain another CGI \
Guestbook if you really need one.

Cheers,
David Litchfield

http://www.arca.com
http://www.infowar.co.uk/mnemonix/


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic