WebCom datakommunikation Guestbook 0.1 wguest.exe Arbitrary File Access

1999-04-09T00:00:00
ID EDB-ID:20446
Type exploitdb
Reporter Mnemonix
Modified 1999-04-09T00:00:00

Description

WebCom datakommunikation Guestbook 0.1 wguest.exe Arbitrary File Access. CVE-1999-0287 ,CVE-1999-0467. Remote exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/2024/info

The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook (undetermined at the time of writing) are vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. This can be accomplished by specifying the path and filename as the parameter "template" to either rguest.exe or wguest.exe - see Exploit for example. These two programs typically reside in /cgi-bin. 

A request for http://server/cgi-bin/wguest.exe?template=c:\boot.ini will return the remote Web server's boot.ini