FileSeek FileSeek.cgi Arbitrary File Access

2002-04-16T00:00:00
ID OSVDB:3589
Type osvdb
Reporter N|ghtHawk(nighthawk@hackers4hackers.nl)
Modified 2002-04-16T00:00:00

Description

Vulnerability Description

FileSeek contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the FileSeek.cgi program not properly sanitizing directory traversal sequences (../../) supplied via the "head" or "foot" variables.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vulnerability discoverer has included a patch in the advisory that addresses it.

Short Description

FileSeek contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the FileSeek.cgi program not properly sanitizing directory traversal sequences (../../) supplied via the "head" or "foot" variables.

Manual Testing Notes

http://[victim]/cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
http://[victim]/cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
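As an added illustration (not FileSeek's own code, which is a Perl CGI), the Python below contrasts a filter that strips "../" a single time, which is what the "....//" sequences in the test URLs above appear to defeat, with a resolve-then-check approach that confines the resolved path to the document root. WEB_ROOT and the sample values are constructed assumptions.

```python
import posixpath

# Constructed assumption: the directory the CGI is meant to serve head/foot files from.
WEB_ROOT = "/var/www/fileseek"


def strip_once(user_path: str) -> str:
    """Naive filter of the kind '....//' defeats: each '../' is removed exactly once,
    so every '....//' collapses to '../' after filtering."""
    return user_path.replace("../", "")


def resolve_naively(user_path: str) -> str:
    """Vulnerable pattern: filter once, join under WEB_ROOT, never check where it landed."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, strip_once(user_path)))


def resolve_safely(user_path: str):
    """Hardened pattern: normalise the joined path, then refuse anything that does not
    stay under WEB_ROOT. Returns the confined path, or None when the value is rejected.
    A deployment should also resolve symlinks (os.path.realpath) before the containment
    check; this example stays purely lexical so it runs offline."""
    if not user_path:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, user_path))
    # Trailing slash prevents a sibling such as /var/www/fileseek2 from passing the prefix test.
    root = WEB_ROOT.rstrip("/") + "/"
    return candidate if candidate.startswith(root) else None


# Constructed sample value modelled on the manual testing notes (seven '....//' steps).
TRAVERSAL = "....//" * 7 + "etc/passwd"

if __name__ == "__main__":
    print("strip-once result :", strip_once(TRAVERSAL))      # ../../../../../../../etc/passwd
    print("naive resolution  :", resolve_naively(TRAVERSAL))  # /etc/passwd
    print("safe resolution   :", resolve_safely(TRAVERSAL))   # stays under WEB_ROOT
    print("legitimate value  :", resolve_safely("header.html"))
```

Note that the hardened version never tries to strip traversal sequences at all: it lets the path library normalise the value and then decides on the final location, so repeated or obfuscated ".." forms cannot reach a file outside WEB_ROOT.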

References:

Vendor URL: http://www.cgi-perl.com/programs/FileSeek/
Snort Signature ID: 2207
Related OSVDB ID: 3590
Related OSVDB ID: 3588
Related OSVDB ID: 3587
Other Advisory URL: http://www.dsinet.org/textfiles/advisories/FileSeek-advisory.txt
Other Advisory URL: http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html
Keyword: Directory Traversal
ISS X-Force ID: 8858
CVE-2002-0611
Bugtraq ID: 6784