Lucene search

K

Moreover CGI script - File Disclosure

๐Ÿ—“๏ธย 02 Oct 2000ย 00:00:00Reported byย CDITypeย 
exploitdb
ย exploitdb
๐Ÿ”—ย www.exploit-db.com๐Ÿ‘ย 25ย Views

Show more
Related
Code
ReporterTitlePublishedViews
Family
Cvelist
CVE-2000-0906
29 Nov 200005:00
โ€“cvelist
NVD
CVE-2000-0906
19 Dec 200005:00
โ€“nvd
CVE
CVE-2000-0906
19 Dec 200005:00
โ€“cve
source: https://www.securityfocus.com/bid/1762/info


The 'cached_feed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtain_file' function, designed to return the contents of a specified file for display in the browser, fails to adequately filter ".." character sequences in user-supplied input. As a result, a carefully formed URL that is submitted to the script can result in the disclosure of files (readable by HTTP user) outside of the CGI script's "allowed" area.

Version 1.0 of the product is affected. The vendor repaired the script and released version 2.0 before this vulnerability was published. 

http://www.example.com/cgi-bin/cached_feed.cgi?../../../.+/etc/passwd 

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
02 Oct 2000 00:00Current
7.4High risk
Vulners AI Score7.4
25
.json
Report