[prev in list] [next in list] [prev in thread] [next in thread]
List: ntbugtraq
Subject: Webcom's CGI Guestbook for Win32 web servers
From: Mnemonix <mnemonix () GLOBALNET ! CO ! UK>
Date: 1999-04-09 19:41:39
[Download RAW message or body]
I reported a while back on Webcom's (www.webcom.se) CGI Guestbook (wguest.exe and \
rguest.exe) having a number of security problems where any text based file on an NT \
machine could be read from the file system provided the attacker knew the path to the \
file and the Anonymous Internet Account (IUSR_MACHINENAME on IIS) has the NTFS read \
right to the file in question. On machines such as Windows 95/98 without local file \
security every file is readable. wguest.exe is used to write to the Guestbook and \
rguest.exe is used to read from the Guestbook
Their latest version has made this simpler: A request for \
http://server/cgi-bin/wguest.exe?template=c:\boot.ini will return the remote Web \
server's boot.ini and \
http://server/cgi-bin/rguest.exe?template=c:\winnt\system32\$winnt$.inf will return \
the $winnt$.inf file.
Why the developers at Webcom have not resolved this issue in their latest version is \
bordering the criminal. I received no response to my mail to them about this. Anybody \
using this Guestbook should remove it as soon as possible and obtain another CGI \
Guestbook if you really need one.
Cheers,
David Litchfield
http://www.arca.com
http://www.infowar.co.uk/mnemonix/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic