IBM Net.Data 7.0 - Full Path Disclosure

2000-11-29T00:00:00
ID EXPLOITPACK:EC42A52B7AD75BF5D8D0A27CABF54063
Type exploitpack
Reporter Chad Kalmes
Modified 2000-11-29T00:00:00

Description

IBM Net.Data 7.0 - Full Path Disclosure

                                        
                                            source: https://www.securityfocus.com/bid/2017/info

IBM Net.Data is a scripting language used to create web applications, it supports a wide range of language environments and is compatible with most recognized databases.

Net.Data contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, comprised of an invalid request and known database, will reveal the physical path of server files.

Successful exploitation of this vulnerability could assist in further attacks against the victim host. 

http://target/cgi-bin/db2www/library/document.d2w/show

DTWP029E: Net.Data is unable to locate the HTML block SHOW in file /projects/www/netdata/macro/software/library/document.d2w.