Gattaca Server 2003 Language Variable Path Exposure

2004-07-15T07:17:10
ID OSVDB:7923
Type osvdb
Reporter Dr_insane(dr_insane@pathfinder.gr)
Modified 2004-07-15T07:17:10

Description

Vulnerability Description

Gattaca Server 2003 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user sends a specially crafted URL manipulating the language variable, which will disclose the root path information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Gattaca Server 2003 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user sends a specially crafted URL manipulating the language variable, which will disclose the root path information resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=[invalid_string] http://[victim]/index.tmpl?HELPID=1000&TEMPLATE=skins//water&LANGUAGE=/

References:

Secunia Advisory ID:12071 Related OSVDB ID: 7922 Related OSVDB ID: 7924 Related OSVDB ID: 7926 Related OSVDB ID: 7927 Related OSVDB ID: 7925 Other Advisory URL: http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt ISS X-Force ID: 16700