what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

BWL-00-03.txt

BWL-00-03.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-03 (March 21, 2000) - Some Infonautics' applications utilize the getdoc.cgi CGI in such a way that allows attackers to gain (read) access to a document they would otherwise have to pay in order to view. Exploit information included.

tags | cgi
SHA-256 | 452d7b13a78df9296b9e59cb7fe9b53a341a3e312bef4a8b78dbb6ff6b070cba

BWL-00-03.txt

Change Mirror Download
   
Black Watch Lab - Vulnerabilities

Black Watch Labs ID: BWL-00-03

Infonautics' getdoc.cgi may allow unauthorized access to documents
Black Watch Labs Security Advisory #00-03 (March 21, 2000)
Name:
Infonautics' getdoc.cgi may allow unauthorized access to documents
Black Watch Labs ID:
BWL-00-03
Date Released:
March 21, 2000
Category:
Application (HTML) - parameter manipulation
Products affected:
Some Infonautics' applications
Number of affected sites/pages/users:
The list of Infonautics-based sites appears in the Infonautics site. Some of them certainly possess this
vulnerability.
Summary:
Some Infonautics' applications utilize the getdoc.cgi CGI in such a way that allows attackers to gain (read) access to
a document they would otherwise have to pay in order to view.
Analysis:
The exact mechanism of getdoc.cgi is not clear to the authors of this advisory, yet what is known is as following:

This CGI is used by Infonautics' applications in order to view/purchase documents in archives and alike sites. The CGI
is called with several parameters, and there are probably several "modes" and/or defaults (for missing parameters).
However, it was observed that when the CGI is called in the following manner:
getdoc.cgi?id=whatever-this&OIDS=whatever-that&Form=RL
or
getdoc.cgi?id=whatever-this&OIDS=whatever-that&Form=RL&m=1

then it is possible to remove the "RL" value from the "Form" field, and the application will grant access to the
document without going through the payment phase.

As the mechanism implemented in getdoc.cgi is not fully understood, it is possible that links having the above format
will not be vulnerable, and it may also be possible that links which do not conform to the above format will be
vulnerable.
Exploits:
As noted above, if a link is encountered in the following format:
getdoc.cgi?id=whatever-this&OIDS=whatever-that&Form=RL&m=1
then an attacker can remove the RL and send:
getdoc.cgi?id=whatever-this&OIDS=whatever-that&Form=&m=1
Vendor Status:
Vendor notified.
Vendor Patch or workaround:
No patch or workaround available at the time of this release.

References and Links:
Infonautics: www.infonautics.com
About Black Watch Labs (www.perfectotech.com/blackwatchlabs/)
Black Watch Labs is a research group operated by Perfecto Technologies Inc., the leader in Web Application Security
Management. Black Watch Labs was established in order to further the knowledge of the Internet community in the arena
of Web application security management. Black Watch Labs publishes security advisories regularly, which are maintained
at http://www.perfectotech.com/blackwatchlabs/, and are also posted to relevant security lists and Web sites. Black
Watch Labs also operates a Web application security mailing list, which can be subscribed to at
http://www.perfectotech.com/blackwatchlabs/. For more info about Black Watch Labs and Web Application Security
Management, please call (408) 855-9500 or email BlackWatchLabs@perfectotech.com.

About Perfecto Technologies (http://www.perfectotech.com/)
Founded in 1997 and headquartered in Santa Clara, Calif., Perfecto Technologies is the leader in Web Application
Security Management software. AppShield(TM), Perfecto's flagship product, is the first to provide automatic Web site
security, enabling companies to realize faster time to market while meeting the demand for privacy and security. Black
Watch Labs was established to further the knowledge of Web application security within the Internet security
community. Privately held, Perfecto is funded by blue-chip venture capital firms and industry leaders, including
Goldman Sachs, Intel Corporation, Sequoia Capital, The Sprout Group and Walden Israel. More information about Perfecto
Technologies may be obtained by visiting the Company's Web site at www.perfectotech.com or by calling the Company
directly at (408) 855-9500.
Copyright © 1997-2000 Perfecto Technologies LTD. All rights reserved.
Permission is hereby granted to reproduce and distribute the application security alerts herein in their entirety,
provided the information, this notice and all other Perfecto Technologies marks remain intact.
Specific Limitations on Use of the Black Watch Labs Advisories
THIS ADVISORY INCLUDES INFORMATION WHICH WILL ILLUSTRATE CERTAIN SECURITY RISKS AND ISSUES ASSOCIATED WITH SITES ON
THE INTERNET, INCLUDING, POTENTIALLY, YOUR SITE. YOU AGREE THAT YOUR VIEWING OF THIS ADVISORY IS SOLELY FOR THE
PURPOSES OF UNDERSTANDING THESE RISKS AND ISSUES WITH RESPECT TO YOUR SITE AND THE PRODUCTS AND SERVICES OFFERED BY
PERFECTO TECHNOLOGIES. YOU AGREE NOT TO USE ANY INFORMATION DISCLOSED TO YOU FOR ANY IMPROPER OR ILLEGAL PURPOSE,
INCLUDING TO VIOLATE THE SECURITY OF ANY OTHER PERSON'S SITE. YOU ARE EXPLICITLY WARNED THAT THE USE FOR ANY IMPROPER
PURPOSE OF INFORMATION DISCLOSED TO YOU COULD SUBJECT YOU TO CIVIL AND CRIMINAL LIABILITY IN THE UNITED STATES AND
OTHER COUNTRIES.
NO WARRANTY
Any material furnished by Perfecto Technologies is furnished on an "as is" basis and may change without notice.
Perfecto Technologies makes no warranties of any kind, either expressed or implied as to any matter including but not
limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use
of the material. Neither does Perfecto Technologies make any warranty of any kind with respect to freedom from patent,
trademark or copyright infringement. In no event shall Perfecto Technologies be liable for any damages whatsoever
arising out of or in connection with the use or spread of this information. Any use of this information is at the
user's own risk.
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close