Htmlscript file access bug
|Description:||Another stupid .. bug.|
|Author:||Dennis Moore <rainking@FEEDING.FRENZY.COM>|
|Compromise:||read any file the web server can read on the remote system.|
|Vulnerable Systems:||Those running htmlscript (distributed by www.htmlscript.com) |
|Date:||26 January 1998 |
Date: Mon, 26 Jan 1998 18:49:37 -0600
From: Dennis Moore <rainking@FEEDING.FRENZY.COM>
Subject: Vulnerability in htmlscript
Htmlscript (www.htmlscript.com) has a vulnerability in it which allows you
to access system files, presumably any file the web server user can access.
I don't have the source or even a copy of the program itself, so I can't
say whether this is a configuration problem or not. However, the fact that
the site which distributes the software is vulnerable is not promising.
According to its website, Miva (htmlscript 3.0) "is an HTML based web
development language which provides the power of scripting via new,
I suppose the number of ..s will depend on the location of the cgi program.
I glanced through their configuration file and it has a variable called
'htmlscriptroot' in it. Since you would apparently get an error if this
were not set, I don't think setting it resolves the problem.
I did not discover this exploit, and I have no previous experience with
htmlscript. The individual who reported it to me wishes to remain
anonymous. They confirmed the problem on at least one other server using
the cgi. Please do not email me about this problem.
pity this busy monster, manunkind, | Dennis Moore | Sarah
not. Progress is a comfortable disease. | firstname.lastname@example.org | McLachlan
-e.e. cummings: One Times One | archon on the irc | "Black"
If I cried me a river of all my confessions would I drown in my shallow regret?
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:
[ Nmap |
Sec Tools |
Mailing Lists |
Site News |