
SurgeLDAP10.txt

Reported: 14 Apr 2004. Reported by: Dr. Insane. Type: packetstorm. Source: packetstormsecurity.com

SurgeLDAP 1.0g allows retrieval of files outside the web root through a directory-traversal flaw in the `page` parameter of the web service's `user.cgi`; the advisory recommends disabling the web administration service as a workaround.

Code

```text
SurgeLDAP 1.0g Web service user.cgi File retrieval

Release Date:
April 13, 2004

Severity:
Low

Vendor:
http://netwinsite.com

Details:
SurgeLDAP is an advanced, easy to manage and install, high performance LDAP v3 server. It supports any
number of schemas, makes it easy to add/modify existing schemas, and provides integrated web based user
access and fast browser based administration tools. It also supports all relevant RFC protocols: LDAP v2,
LDAP v3, HTTP. With its features, support and price it is more powerful and cost effective than any other
solution. It is compatible with existing LDAP servers and can pull data from them for easy data population.
It has a built-in web server allowing your users to search your LDAP, or administrate the database.

A flaw has been found in "user.cgi" that allows a remote user to retrieve a file on the system. By
supplying the value "../" in the "page" parameter you can read files outside the WWW root.

For example: http://[host]:6680/user.cgi?cmd=show&page=/../../../boot.ini

Workaround:
Disable Web administration service

Exploit:
http://members.lycos.co.uk/r34ct/main/surgeLDAP.exe

Credit:
Dr_insane
http://members.lycos.co.uk/r34ct/

Feedback
Please send your comments to: [email protected]
```
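The advisory's weakness is that `user.cgi` hands the `page` value to the filesystem without confirming that the resolved path stays under the web root. The following is an added example (not code from the advisory, from Packet Storm or from the SurgeLDAP product) of the containment check a web front end should apply to such a parameter, together with a small detector that runs the same check over constructed web-server log lines to flag the traversal pattern the advisory describes. The web root path, log format and log entries are assumptions invented for the example; the second log line mirrors the advisory's own example URL.

```python
"""Added example (not part of the SurgeLDAP advisory): containment check for a
'page'-style file parameter, plus a log detector built on the same check.
Paths and log lines below are constructed for illustration."""
import posixpath
import re
from urllib.parse import unquote, urlsplit, parse_qs

WEB_ROOT = "/srv/surgeldap/www"  # assumed document root (placeholder, not the product's real path)


def resolve_page(page, web_root=WEB_ROOT):
    """Map a requested 'page' value onto a file inside web_root.

    Returns the canonical absolute path if the request stays inside the root,
    or None if it escapes (the '../' traversal the advisory describes).
    """
    decoded = unquote(unquote(page))      # handles single- and double-URL-encoded dots and slashes
    if "\x00" in decoded:                 # NUL bytes can truncate paths in C-based servers
        return None
    decoded = decoded.replace("\\", "/")  # treat Windows separators as separators too
    root = posixpath.normpath(web_root)
    # '/index.htm' should mean '<root>/index.htm'; strip the leading slash, then
    # collapse '..' segments so the containment test sees the real target.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


# Common-log-format request line: client, timestamp, method, target, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_traversal_attempts(log_text, cgi_name="user.cgi", param="page"):
    """Return (ip, timestamp, raw page value) for each request to cgi_name whose
    page parameter fails the containment check."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/" + cgi_name):
            continue
        # parse_qs decodes one layer; resolve_page decodes again for double encoding
        for value in parse_qs(parts.query).get(param, []):
            if resolve_page(value) is None:
                hits.append((m.group("ip"), m.group("ts"), value))
    return hits


# Constructed sample log lines (not real traffic)
SAMPLE_LOG = """\
10.0.0.5 - - [14/Apr/2004:10:01:02 +0000] "GET /user.cgi?cmd=show&page=index.htm HTTP/1.0" 200 512
10.0.0.9 - - [14/Apr/2004:10:01:07 +0000] "GET /user.cgi?cmd=show&page=/../../../boot.ini HTTP/1.0" 200 310
10.0.0.9 - - [14/Apr/2004:10:01:09 +0000] "GET /user.cgi?cmd=show&page=%252e%252e%252fboot.ini HTTP/1.0" 200 310
10.0.0.7 - - [14/Apr/2004:10:02:00 +0000] "GET /index.htm HTTP/1.0" 200 512
"""

if __name__ == "__main__":
    for ip, ts, value in find_traversal_attempts(SAMPLE_LOG):
        print(f"{ts} {ip} traversal attempt via page={value!r}")
```

The check normalises before comparing rather than searching for the literal string `../`, so encoded variants and backslash separators are caught by the same rule; in the detector, requests to other paths are ignored and only the `page` values that would have escaped the root are reported.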
