getIntranet folder_detail.asp Arbitrary Directory Manipulation

2004-09-09T13:50:21
ID OSVDB:9930
Type osvdb
Reporter Criolabs Staff(security@criolabs.net)
Modified 2004-09-09T13:50:21

Description

Vulnerability Description

getIntranet contains a flaw that may allow a remote attacker to manipulate arbitrary directories. The issues is due to the folder_detail.asp script not properly sanitizing user input and authenticating requests. By modifying the 'id' or 'lid' parameters passed to the script, an attacker could view or delete any folder.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

getIntranet contains a flaw that may allow a remote attacker to manipulate arbitrary directories. The issues is due to the folder_detail.asp script not properly sanitizing user input and authenticating requests. By modifying the 'id' or 'lid' parameters passed to the script, an attacker could view or delete any folder.

Manual Testing Notes

http://[victim]/welcome.asp?id=30&ctype=1&lid=f30&page=folder_detail.asp

References:

Vendor URL: http://www.get.za.com/ Secunia Advisory ID:12520 Related OSVDB ID: 9927 Related OSVDB ID: 9932 Related OSVDB ID: 9933 Related OSVDB ID: 9936 Related OSVDB ID: 9928 Related OSVDB ID: 9931 Related OSVDB ID: 9929 Other Advisory URL: http://www.criolabs.net/advisories/getintranet.txt