Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

DST2K0042.txt

🗓️ 28 Sep 2000 00:00:00Reported by Delphis Security TeamType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

Vulnerability found in Talentsoft Web+ allowing file read/execute on Linux systems.

Code
`----- Forwarded message from "Whitehouse, Ollie" <[email protected]> -----  
  
Approved-By: [email protected]  
Delivered-To: [email protected]  
Delivered-To: [email protected]  
X-Mailer: Internet Mail Service (5.5.2650.21)  
Date: Thu, 28 Sep 2000 17:13:46 +0100  
Reply-To: "Whitehouse, Ollie" <[email protected]>  
From: "Whitehouse, Ollie" <[email protected]>  
Subject: DST2K0042: Possible to read/execute any file with Talentsoft Web+  
Application Server example scripts.  
X-To: "[email protected]"  
<[email protected]>,  
"[email protected]"  
<[email protected]>  
To: [email protected]  
  
============================================================================  
Delphis Consulting Plc  
============================================================================  
  
Security Team Advisories  
[26/09/2000]  
  
[email protected]  
[http://www.delphisplc.com/thinking/whitepapers/]  
  
============================================================================  
Adv : DST2K0042  
Title : Possible to read any file with Talentsoft Web+ Application  
Server example scripts.  
Author : DCIST ([email protected])  
O/S : Affected: Linux  
Not Affected: Microsoft Windows NT  
Product : 4.6 Client-Server Linux (webpsvr Build 539)  
4.6 Linux (Build 25)  
Date : 26/09/2000  
  
I. Description  
  
II. Solution  
  
III. Disclaimer  
  
  
============================================================================  
  
I. Description  
============================================================================  
  
Vendor URL: http://www.talentsoft.com/  
  
Delphis Consulting Internet Security Team (DCIST) discovered the following  
vulnerability in Web+ Application Server under Linux.  
  
Severity: High  
  
If the default example scripts are installed it is possible to execute/read  
any file which Web+ user (default is 'nobody') has access to using the  
Web+Ping example.  
  
To exploit simply place a '|' after the parameter you which to provide to  
ping and then the command you wish to execute.  
  
e.g:  
Goto:  
http://target/cgi-bin/webplus.cgi?Script=/webplus/webping/webping.wml  
  
Then type in host destination box:  
127.0.0.1 | cat /etc/passwd  
  
You will then be presented with the contents of the /etc/passwd file.  
  
It is not possible to exploit this vulnerability under the WindowsNT  
edition due to the fact that it does not seem to run a command shell  
but rather a CreateProcess call to allow the application to run.  
  
II. Solution  
============================================================================  
  
Vendor Status: Informed  
  
Vendor solution below:  
  
"We are in the process of modifying this script, but are recommending that  
users on servers disable the webrun command in the webplus server admin  
area for best protection against the exploitation of the example scripts.  
We are also in the process of modifying these scripts to be more secure."  
  
TalentSoft will be providing details of how to do the above at the below  
URL.  
  
TalentSoft Security Section:  
http://developer.talentsoft.com/security.html  
  
III. Disclaimer  
============================================================================  
THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT  
THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR  
IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE  
PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR  
CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE  
PLACED ON, THIS INFORMATION FOR ANY PURPOSE.  
============================================================================  
This e-mail and any files transmitted with it are intended solely for the  
addressee and are confidential. They may also be legally  
privileged.Copyright in them is reserved by Delphis Consulting PLC  
["Delphis"] and they must not be disclosed to, or used by, anyone other than  
the addressee.If you have received this e-mail and any accompanying files in  
error, you may not copy, publish or use them in any way and you should  
delete them from your system and notify us immediately.E-mails are not  
secure. Delphis does not accept responsibility for changes to e-mails that  
occur after they have been sent. Any opinions expressed in this e-mail may  
be personal to the author and may not necessarily reflect the opinions of  
Delphis  
  
----- End forwarded message -----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
28 Sep 2000 00:00Current
7.4High risk
Vulners AI Score7.4
file vulnerabilitytalentsoft web+ serverlinux securityexample scriptshigh severity security
23