texis(CGI) Path Disclosure Vulnerability

From: - phinegeek - (phineat_private)
Date: Tue Feb 05 2002 - 21:13:44 PST


    
    Advisory:      texis(CGI) Path Disclosure Vulnerability
    Application:   Thunderstone's texis(CGI)
    Release Date:  02.05.02
    Severity:      Any user can send an invalid path to texis(CGI),
                   causing it to reveal the full path to the webroot.
                   In some cases texis will display system-specific
                   information (OS, processor type).
    Vendor Status: Thunderstone was contacted and has not responded since Jan.29.02
    
    Summary:
     Texis is a relational database management system used for indexing site
     content and for its search engine capabilities. Texis runs on the major
     Unix systems and Windows NT/2000. Supported Unix flavors include Solaris,
     Linux, Tru64, FreeBSD, Irix, BSDI, HP-UX, AIX, SCO & Unixware.
     Texis is used by many government agencies and major companies including
     ZDNet, eBay, RSA Security and others. Content managed by Texis can be
     queried using the texis program. The texis program executes files written
     in Texis Web Script (aka Vortex), an HTML-based, server-side scripting
     language developed by Thunderstone. It can be invoked from the command
     line, or as a CGI from the web server. Specifying an invalid path to a
     script causes texis to reveal the full path to the webroot. In some cases
     texis will reveal system-specific information such as operating system
     and processor type.
    
    Disclaimer:
     This information is provided "AS IS". The author of this document
     disclaims all warranties, express and implied, with regard to this
     information. This information is provided only for legitimate security
     analysis purposes. The author does not condone the unauthorized access
     of systems, and specifically prohibits the use or reproduction of this
     information for such purposes. In no event shall the author be liable
     for any damages whatsoever arising out of or in connection with the use
     or dissemination of this information. Any use of this information is at
     the user's own risk.
    
    Exploitation:
    
     ZDNet
     http://hotfiles.zdnet.com/cgi-bin/texis/phine
     eBay
     http://search.ebay.com/cgi-bin/texis/phine
     RSA Security
     http://www.rsasecurity.com/programs/texis.exe/phine
     Dogpile Search Engine
     http://dpcatalog.dogpile.com/texis/websearch/phine
     Washington Post
     http://adsite.washpost.com/cgi-bin/texis.exe/phine
     California Dept. of Education
     http://inet5.cde.ca.gov/scripts/texis.exe/phine
    
    Author:
     phinegeek - phineat_private
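
A defensive check for the behaviour described in the Summary, as an added example that is not part of the original advisory or Thunderstone's code: it scans response bodies served from texis CGI URLs for absolute filesystem paths and redacts them before they reach the client. The error wording, host names and paths in SAMPLE are constructed for illustration, since the advisory does not quote texis's actual output.

```python
import re

# Absolute filesystem paths: Unix (/usr/local/...) or Windows (C:\Inetpub\...).
# At least one directory component followed by a separator is required,
# which keeps HTML closing tags such as </p> from matching.
UNIX_PATH = re.compile(r"(?<![\w:/.])/(?:[\w.+-]+/)+[\w.+-]*")
WIN_PATH = re.compile(r"\b[A-Za-z]:\\(?:[\w .+-]+\\)+[\w.+-]*")
# URL shapes under which the advisory shows texis exposed as a CGI.
TEXIS_URL = re.compile(r"/texis(?:\.exe)?/", re.IGNORECASE)

def find_path_leaks(body):
    """Return absolute filesystem paths that appear in a response body."""
    text = re.sub(r"https?://\S+", "", body)  # ignore paths inside URLs
    return UNIX_PATH.findall(text) + WIN_PATH.findall(text)

def redact(body):
    """Replace leaked paths with a fixed marker before the body is served."""
    for leak in sorted(find_path_leaks(body), key=len, reverse=True):
        body = body.replace(leak, "[path removed]")
    return body

def audit(responses):
    """Yield (url, leaks) for texis responses whose body discloses a path."""
    for url, body in responses:
        if TEXIS_URL.search(url):
            leaks = find_path_leaks(body)
            if leaks:
                yield url, leaks

# Constructed sample data: the error wording is invented for this example and
# is not texis's real output; hosts and paths are placeholders.
SAMPLE = [
    ("http://www.example.test/cgi-bin/texis/nosuchscript",
     "<p>Cannot open /usr/local/apache/htdocs/nosuchscript: No such file</p>"),
    ("http://www.example.test/scripts/texis.exe/nosuchscript",
     "<p>Cannot open C:\\Inetpub\\wwwroot\\nosuchscript: not found</p>"),
    ("http://www.example.test/cgi-bin/texis/search",
     "<p>No results. See http://www.example.test/help/search for tips.</p>"),
]

if __name__ == "__main__":
    for url, leaks in audit(SAMPLE):
        print(url, "->", leaks)
```

The same `find_path_leaks` check can be run over captured responses in a regression test so that a later configuration change does not reintroduce the disclosure.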
    
    
    



    This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 21:33:25 PST