Master Index search.cgi Arbitrary File/Directory Access

2000-10-09T00:00:00
ID OSVDB:461
Type osvdb
Reporter Pestilence(pestilence@synnergy.net)
Modified 2000-10-09T00:00:00

Description

Vulnerability Description

Master Index contains a flaw that allows a remote attacker to access arbitrary files and directories outside of the web path. The issue is due to the "search.cgi" script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "catigory" variable.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Master Index contains a flaw that allows a remote attacker to access arbitrary files and directories outside of the web path. The issue is due to the "search.cgi" script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "catigory" variable.

Manual Testing Notes

http://[victim]/cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../etc

References:

Other Advisory URL: http://www.synnergy.net/downloads/advisories/SLA-2000-16.masterindex.txt Nessus Plugin ID:10562 Keyword: Directory Traversal ISS X-Force ID: 5355 CVE-2000-0924 Bugtraq ID: 1772