Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

DST2K0032.txt

🗓️ 28 Sep 2000 00:00:00Reported by Delphis Security TeamType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

Multiple vulnerabilities in Talentsoft WebPlus Server could reveal paths and internal IP addresses.

Code
`  
============================================================================  
Delphis Consulting Plc  
============================================================================  
  
Security Team Advisories  
[19/09/2000]  
  
[email protected]  
[http://www.delphisplc.com/thinking/whitepapers/]  
  
============================================================================  
Adv : DST2K0032  
Title : Multiple Issues with Talentsoft WebPlus Application Server  
Author : DCIST ([email protected])  
O/S : Microsoft Windows Nt 2000 Professional (SP1) / Linux  
Product : Web+ Server Version: 4.6 Client-Server NT  
(webpsvc.exe Build 539)  
Web+ Monitor Version: 4.6 Client-Server NT (Build  
14)  
Web+ Client Version: 4.6 NT (Build 25)  
Date : 19/09/2000  
  
I. Description  
  
II. Solution  
  
III. Disclaimer  
  
  
============================================================================  
  
I. Description  
============================================================================  
  
Vendor URL: http://www.talentsoft.com  
  
Delphis Consulting Internet Security Team (DCIST) discovered the following  
vulnerability in Webplus under Windows NT.  
  
Severity: low - Path revealing  
  
It is possible to cause Webplus to reveal the physical path which it is  
installed within. This is done by executing the CGI application and passing  
a single .  
  
example: http://127.0.0.1/cgi-bin/webplus.exe?script=.  
  
This will respond with an error message detailing the physical path.  
  
Severity: low - Internal IP address leakage  
  
If your server is being NAT'd (i.e. located behind a firewall/load balancer)  
it is possible to retrieve your internal IP address by passing the about  
option to the cgi application.  
  
example: http://127.0.0.1/cgi-bin/webplus.exe?about  
  
Severity: medium - Source code viewing on NTFS partitions  
  
It is possible to cause Webplus to reveal the source code of the WML files  
which are located on NTFS partitions. This is done by appending the data  
stream  
you wish on to the WML file.  
  
example: http://127.0.0.1/cgi-bin/webplus.exe?script=test.wml::$DATA  
  
The danger here as the Delphis team have demonstrated is being able to  
access  
DSN information (datasource, table names, usernames & passwords). It is also  
possible if the Script root has been set to the webroot to read the source  
code of other script files (i.e. ASP).  
  
example: http://127.0.0.1/cgi-bin/webplus.exe?script=test.asp::$DATA  
  
II. Solution  
============================================================================  
  
Vendor Status: Informed  
  
Delphis are happy to announce that Talentsoft has a patch for the above  
::$DATA issue. The following was information recieved from the vendor.  
  
You require build 542 (to fully disable the parsing of ::$DATA requires  
using a newly rebuilt webplus.dll in addition to the use of build 542 of  
webpsvc.exe web+ server)).  
  
If you have any issues obtaining this patch please contact Talentsoft  
support.  
  
III. Disclaimer  
============================================================================  
THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT  
THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR  
IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE  
PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR  
CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE  
PLACED ON, THIS INFORMATION FOR ANY PURPOSE.  
============================================================================  
This e-mail and any files transmitted with it are intended solely for the  
addressee and are confidential. They may also be legally  
privileged.Copyright in them is reserved by Delphis Consulting PLC  
["Delphis"] and they must not be disclosed to, or used by, anyone other than  
the addressee.If you have received this e-mail and any accompanying files in  
error, you may not copy, publish or use them in any way and you should  
delete them from your system and notify us immediately.E-mails are not  
secure. Delphis does not accept responsibility for changes to e-mails that  
occur after they have been sent. Any opinions expressed in this e-mail may  
be personal to the author and may not necessarily reflect the opinions of  
Delphis  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
28 Sep 2000 00:00Current
7.4High risk
Vulners AI Score7.4
vulnerabilities talentsoft webplus path revealing internal ip address source code viewing.
29