Gossamer Threads DBMan 2.0.4 DBMan Information Leakage Vulnerability

2000-05-05T00:00:00
ID EDB-ID:19903
Type exploitdb
Reporter Black Watch Labs
Modified 2000-05-05T00:00:00

Description

Gossamer Threads DBMan 2.0.4 DBMan Information Leakage Vulnerability. CVE-2000-0381. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/1178/info

Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user without any authorization. The parameters displayed include the local document root path, server administrator account name, web server software, platform, etc.

http://target/scripts/dbman/db.cgi?db=invalid-db