Novell NetWare Web Server 2.x convert.bas Vulnerability

1996-07-03T00:00:00
ID EDB-ID:20448
Type exploitdb
Reporter TTT Group
Modified 1996-07-03T00:00:00

Description

Novell NetWare Web Server 2.x convert.bas Vulnerability. CVE-1999-0175. Remote exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/2025/info

Novell NetWare Web Server 2.x versions came with a CGI written in BASIC called convert.bas. This script allows retrieval of files outside of the normal web server context. This can be accomplished simply by submitting the filename and path as a parameter to the script, using relative paths (../../) to traverse directories. Access may or may not be limited to the SYS: volume. 

http://targethost/scripts/convert.bas?../../anything/you/want/to/view