Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

webapp.traversal.txt

🗓️ 26 Aug 2004 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

WebAPP has a serious reverse directory traversal vulnerability exposing sensitive user data.

Code
`  
  
  
WebAPP is advertised as the internet's most feature rich,  
easy to run PERL based portal system.  
Its home site is at http://www.web-app.org/  
Some features are :  
  
-Easy to Install on standard Unix servers!  
(Windows user-supported only!)  
-User Profiles  
-Message forums  
-Private messaging between members  
-Blog-style News Articles  
-Links and Downloads  
-Customizable themes  
-Multiple language support  
-Flat-file System-NO SQL DATABASE!  
-Membership controls  
-Open source  
  
Several user mods are also available which ranges from chat  
to e-commerce applications.  
  
Several vulnerabilities in these mods have already been  
discovered.   
  
  
  
The WebAPP system itself has a serious reverse directory  
traversal vulnerability.  
  
Example..  
  
1) Go to http://cornerstone.web-app.org/cgi-bin/index.cgi  
/this is their main support site/  
  
2) Click on Articles on the main menu at the left side of  
the screen  
  
3) Click on any of the icons representing the misc topics  
available /i chose the "bugs" section/  
  
4) You'll wind up with the url "http://cornerstone.web-app.org/cgi-bin/index.cgi?action=topics&viewcat=bugs"  
on the address bar on your browser. Change it to  
"http://cornerstone.web-app.org/cgi-bin/index.cgi?action=topics&viewcat=../../../../../../../etc/passwd%00"  
  
5)View the html source for the page  
  
  
  
A more interesting file to look at would be;  
"http://cornerstone.web-app.org/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00"  
  
View the html source code and scroll down until you come to  
the line with;  
href="index.cgi?action=viewnews&id=adUCOOzV2ljgg"></a></td>  
  
"adUCOOzV2ljgg" is the hashed password of the Administrator.  
It's standard DES encrypted so you can  
run a password cracking program to crack it  
  
Every user would have a corresponding .dat file within the  
db/members directory  
  
  
PhTeam Release  
  
Greetz to PATz, Luvchr|s, Verum, Fed-X, rebarz99, hEps,  
ch1m3ra, and sa mga posers na kupal sa #oneball  
  
  
  
  
  
Philweb Corporation FREEMAIL Services  
http://www.philwebinc.com  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Aug 2004 00:00Current
7.4High risk
Vulners AI Score7.4
webapp security vulnerabilityreverse directory traversalsensitive user dataopen source systemuser modspassword cracking.
30