`Date: Fri, 9 Apr 1999 20:41:39 +0100
From: Mnemonix <[email protected]>
To: [email protected]
Subject: Webcom's CGI Guestbook for Win32 web servers
I reported a while back on Webcom's (www.webcom.se) CGI Guestbook (wguest.exe and rguest.exe) having a number of security
problems where any text based file on an NT machine could be read from the file system provided the attacker knew the path to
the file and the Anonymous Internet Account (IUSR_MACHINENAME on IIS) has the NTFS read right to the file in question. On
machines such as Windows 95/98 without local file security every file is readable. wguest.exe is used to write to the Guestbook
and rguest.exe is used to read from the Guestbook
Their latest version has made this simpler: A request for http://server/cgi-bin/wguest.exe?template=c:\boot.ini will return the
remote Web server's boot.ini and http://server/cgi-bin/rguest.exe?template=c:\winnt\system32\$winnt$.inf will return the
$winnt$.inf file.
Why the developers at Webcom have not resolved this issue in their latest version is bordering the criminal. I received no
response to my mail to them about this. Anybody using this Guestbook should remove it as soon as possible and obtain another CGI
Guestbook if you really need one.
Cheers,
David Litchfield
http://www.arca.com
http://www.infowar.co.uk/mnemonix/
`