Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SLA-17.Anaconda.txt

🗓️ 15 Oct 2000 00:00:00Reported by synnergyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

Flaw in Anaconda Foundation Directory allows filesystem traversal on Linux/UNIX via NULL byte injection.

Code
` Synnergy Laboratories Advisory SLA-2000-17  
  
NAME  
  
Anaconda Foundation Directory NULL byte vulnerability  
  
AFFECTED  
  
Linux/UNIX with Anaconda Foundation Directory  
  
SYNOPSIS  
  
Synnergy Labs has found a flaw within Anaconda Foundation Directory that allow  
s a user to   
successfully traverse the filesystem on a remote host, allowing arbitary files  
/folders to   
be read.  
  
  
DESCRIPTION   
  
The Anaconda Foundation Directory is a Yahoo style search engine based on the   
Open Directory   
project, www.dmoz.org. The Anaconda Foundation Directory allows you to dynamic  
ally integrate content into   
your site's own look and feel. This is the exact same content that Lycos featu  
res on their   
front page! Product pricing is $499 US.  
  
Anaconda Foundation Directory can be found at:http://anacondapartners.com/ap_a  
fodpdemo.shtml  
  
Synnergy has recently discovered a flaw within Anaconda Foundation Directory t  
hat allows a remote   
user to traverse the filesystem as a request to the script using the $template  
=_some_file_. It is   
then possible to read any file contents with priviledges as the httpd.  
Although the script checks for the file extension (.htm, .html, .shtml, .stm)   
adding a trailing   
%00.html, (a NULL byte in URL encoded format), at the end of the request will   
force the script to   
open the file.  
  
Example:   
  
http://www.target.com/cgi-bin/apexec.pl?etype=odp&template=../../../../../../.  
./../../etc/resolv.conf%00.html&passurl=/category/  
  
  
The above line if given will output the file contents of /etc/resolv.conf.  
  
SOLUTION  
  
The vendors have been informed of the bug. It is advised to wait for the next  
patched version of   
Anaconda Foundation Directory to be released.   
  
  
AUTHOR  
  
Discovery: pestilence @ synnergy.net  
  
  
DISCLAIMER  
  
Synnergy Laboratories may not be held liable for the use or potential  
effects of these programs or advisories, nor the content contained  
within. Use them at your own risk.  
  
COPYRIGHT  
  
Synnergy Laboratories - www.synnergy.net (c) 1998-2000   
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Oct 2000 00:00Current
7.4High risk
Vulners AI Score7.4
anaconda foundation directorynull byte vulnerabilityfilesystem traversalremote accesslinux unix security.
24