Webtrends HTTP Server %20 bug

From: Auriemma Luigi (kaino3at_private)
Date: Sun Jun 03 2001 - 03:41:51 PDT

Next message: Roman Drahtmueller: "SuSE Security Announcement: gpg/GnuPG (SuSE-SA:2001:020)"

Previous message: Sym Security: "Re: Nortan Antivirus 2000 Poproxy.exe problem"
Next in thread: Michael Grice: "Re: Webtrends HTTP Server %20 bug"
Reply: Michael Grice: "Re: Webtrends HTTP Server %20 bug"
Reply: H D Moore: "Re: Webtrends HTTP Server %20 bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

*** I'm sorry if this bug is already known, but I have not found it in the
SecurityFocus and other archives.

Author: Auriemma Luigi



VERSION TESTED: Webtrends HTTP Server V3.1c (Webtrends Reporting Server)

RISK: Viewing the source of the cgi scripts


The bug is really simple. If the attacker insert an unicode space (%20)
after the script file, the server think that the file requested is not a
cgi script and for this it shown the source; this is an example:

http://host/remote_login.pl%20


And the result is the source of "remote_login.pl".

I have not contacted Webtrends because I wait for more opinions, and for
result with other versions.



Thanks for your attention.

Next message: Roman Drahtmueller: "SuSE Security Announcement: gpg/GnuPG (SuSE-SA:2001:020)"
Previous message: Sym Security: "Re: Nortan Antivirus 2000 Poproxy.exe problem"
Next in thread: Michael Grice: "Re: Webtrends HTTP Server %20 bug"
Reply: Michael Grice: "Re: Webtrends HTTP Server %20 bug"
Reply: H D Moore: "Re: Webtrends HTTP Server %20 bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 08:42:32 PDT