Multiple Vulnerabilities Found in Talentsoft Webplus Software

Talentsoft Webplus software has been found to be vulnerable to multiple information-gathering attacks that a malicious user could use to further compromise the web server.

Steve Manzuik

September 26, 2000


Reported September 27, 2000 by Delphis Consulting

VERSIONS AFFECTED

DESCRIPTION

Multiple vulnerabilities have been found in Talentsoft Webplus 4.6.

DEMONSTRATION

The first vulnerability gives an attacker the ability to discover the physical path of web content. This can be done by executing a CGI application and passing a single "." as the script name, for example:

http://127.0.0.1/cgi-bin/webplus.exe?script=.

The above example will result in an error message that contains the physical path of the web content.

The second vulnerability allows an attacker to learn the true IP address of the web server if NAT is being used. An attacker simply has to enter the following URL:

http://127.0.0.1/cgi-bin/webplus.exe?about

The last vulnerability found allows a malicious user to view the source of WML files that are located on NTFS partitions. This can be accomplished by appending the data stream you wish to view onto the WML file. For example:

http://127.0.0.1/cgi-bin/webplus.exe?script=test.wml::$DATA

This is a rather dangerous vulnerability, as other scripts such as ASP files could be read and possibly sensitive information could be leaked.
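A log check for the three request patterns shown above, added here as an example and not part of the original advisory. The log lines are constructed, and the combined-log layout, function names and issue labels are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined-log style); not taken from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Sep/2000:10:01:02 +0000] "GET /cgi-bin/webplus.exe?script=. HTTP/1.0" 200 512
192.0.2.10 - - [27/Sep/2000:10:01:09 +0000] "GET /cgi-bin/webplus.exe?about HTTP/1.0" 200 2048
192.0.2.11 - - [27/Sep/2000:10:02:30 +0000] "GET /cgi-bin/webplus.exe?script=test.wml::$DATA HTTP/1.0" 200 901
192.0.2.11 - - [27/Sep/2000:10:02:41 +0000] "GET /cgi-bin/WebPlus.exe?script=test.wml%3A%3A%24data HTTP/1.0" 200 901
192.0.2.12 - - [27/Sep/2000:10:03:00 +0000] "GET /cgi-bin/webplus.exe?script=/store/index.wml HTTP/1.0" 200 4410
192.0.2.12 - - [27/Sep/2000:10:03:05 +0000] "GET /index.html HTTP/1.0" 200 1200
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the advisory issue a request target matches, or None."""
    path, _, query = target.partition("?")
    if not path.lower().endswith("/webplus.exe"):
        return None
    query = unquote(query).lower()  # normalise %-encoding and case before matching
    if "::$data" in query:
        return "ntfs-stream-source-disclosure"
    if query == "about" or query.startswith("about&"):
        return "about-page-ip-disclosure"
    for param in query.split("&"):
        name, _, value = param.partition("=")
        if name == "script" and value == ".":
            return "physical-path-disclosure"
    return None

def scan(log_text):
    """Return (client_ip, issue) for every log line that matches a pattern."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            issue = classify(m.group(1))
            if issue:
                hits.append((line.split()[0], issue))
    return hits

if __name__ == "__main__":
    for ip, issue in scan(SAMPLE_LOG):
        print(ip, issue)
```

Matching happens after percent-decoding and lower-casing, so the encoded `%3A%3A%24data` line is reported alongside the literal `::$DATA` request.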

VENDOR RESPONSE

According to Delphis Consulting, Talentsoft has been informed and has fixed the ::$DATA issue in their new build, 542. The status of the other issues is unknown at this time.

CREDIT

Discovered by Delphis Consulting
