Turbo Seek tseekdir.cgi location Variable Arbitrary File Access

2004-09-12T00:00:00
ID OSVDB:9900
Type osvdb
Reporter durito(durito@mail.ru)
Modified 2004-09-12T00:00:00

Description

Vulnerability Description

Turbo Seek contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote user requests a URL whose location parameter names a file followed by a null byte ('%00'); tseekdir.cgi then discloses the requested file, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.7.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00
http://[victim]/cgi-bin/tseekdir.cgi?id=799&location=/etc/passwd%00
http://[victim]/cgi-bin/tseekdir.cgi?location=../../../../../../../../../../etc/passwd%00
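
As an added defender-side example (not part of the OSVDB record and not the vendor's fix): a validator for the location parameter that rejects the null-byte and traversal forms shown above, plus a scan over constructed access-log lines that flags such requests. The log lines and the hardening rules are assumptions for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (not taken from the advisory); lines 1-3
# follow the request shapes listed in the Manual Testing Notes above.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Sep/2004:10:01:02 +0000] "GET /cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00 HTTP/1.0" 200 1234
10.0.0.5 - - [12/Sep/2004:10:01:03 +0000] "GET /cgi-bin/tseekdir.cgi?id=799&location=/etc/passwd%00 HTTP/1.0" 200 1234
10.0.0.5 - - [12/Sep/2004:10:01:04 +0000] "GET /cgi-bin/tseekdir.cgi?location=../../../../etc/passwd%00 HTTP/1.0" 200 1234
10.0.0.9 - - [12/Sep/2004:10:02:00 +0000] "GET /cgi-bin/tseekdir.cgi?id=12&location=sports HTTP/1.0" 200 5678
10.0.0.9 - - [12/Sep/2004:10:02:01 +0000] "GET /index.html HTTP/1.0" 200 400
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def location_is_unsafe(raw_value):
    """True if a `location` value could reach files outside the category tree."""
    # Decode exactly once, then check the decoded string so that '%00' and
    # '%2e%2e' cannot slip past a check that only looks at the raw form.
    value = unquote(raw_value)
    if "\x00" in value:
        return True   # NUL truncates the path when the C runtime opens the file
    if value.startswith("/"):
        return True   # absolute path, not a name relative to the data directory
    if ".." in PurePosixPath(value).parts:
        return True   # directory traversal
    return False


def flag_suspicious_requests(log_text):
    """Return (line_no, raw location) for tseekdir.cgi requests with an unsafe location."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/tseekdir.cgi"):
            continue
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if key == "location" and location_is_unsafe(raw):
                hits.append((line_no, raw))
    return hits
```

Running flag_suspicious_requests(SAMPLE_LOG) reports lines 1 to 3 and leaves the legitimate category request on line 4 alone.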

References:

Vendor URL: http://www.focalmedia.net/index_tb.html
Vendor Specific Solution URL: http://www.focalmedia.net/tbdownload.html
Security Tracker: 1011221
Secunia Advisory ID: 12500
Other Advisory URL: http://lwb57.webmen.ru/advisories/text/adv17.txt
Nessus Plugin ID: 14719
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0159.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0184.html
Bugtraq ID: 11163