what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

DST2K0032.txt

DST2K0032.txt
Posted Sep 28, 2000
Authored by Delphis Security Team | Site delphisplc.com

DST2K0032: Multiple Issues with Talentsoft WebPlus Application Server. Delphis Consulting Internet Security Team (DCIST) discovered low to medium severity vulnerabilities in Webplus under Windows NT.

tags | exploit, vulnerability
systems | windows
SHA-256 | ffc1c16883ca0443a77b4ee6a8af25d3b21541d176140bab9d1b83fa8a7d5a3b

DST2K0032.txt

Change Mirror Download

============================================================================
Delphis Consulting Plc
============================================================================

Security Team Advisories
[19/09/2000]

securityteam@delphisplc.com
[http://www.delphisplc.com/thinking/whitepapers/]

============================================================================
Adv : DST2K0032
Title : Multiple Issues with Talentsoft WebPlus Application Server
Author : DCIST (securityteam@delphisplc.com)
O/S : Microsoft Windows Nt 2000 Professional (SP1) / Linux
Product : Web+ Server Version: 4.6 Client-Server NT
(webpsvc.exe Build 539)
Web+ Monitor Version: 4.6 Client-Server NT (Build
14)
Web+ Client Version: 4.6 NT (Build 25)
Date : 19/09/2000

I. Description

II. Solution

III. Disclaimer


============================================================================

I. Description
============================================================================

Vendor URL: http://www.talentsoft.com

Delphis Consulting Internet Security Team (DCIST) discovered the following
vulnerability in Webplus under Windows NT.

Severity: low - Path revealing

It is possible to cause Webplus to reveal the physical path which it is
installed within. This is done by executing the CGI application and passing
a single .

example: http://127.0.0.1/cgi-bin/webplus.exe?script=.

This will respond with an error message detailing the physical path.

Severity: low - Internal IP address leakage

If your server is being NAT'd (i.e. located behind a firewall/load balancer)
it is possible to retrieve your internal IP address by passing the about
option to the cgi application.

example: http://127.0.0.1/cgi-bin/webplus.exe?about

Severity: medium - Source code viewing on NTFS partitions

It is possible to cause Webplus to reveal the source code of the WML files
which are located on NTFS partitions. This is done by appending the data
stream
you wish on to the WML file.

example: http://127.0.0.1/cgi-bin/webplus.exe?script=test.wml::$DATA

The danger here as the Delphis team have demonstrated is being able to
access
DSN information (datasource, table names, usernames & passwords). It is also
possible if the Script root has been set to the webroot to read the source
code of other script files (i.e. ASP).

example: http://127.0.0.1/cgi-bin/webplus.exe?script=test.asp::$DATA

II. Solution
============================================================================

Vendor Status: Informed

Delphis are happy to announce that Talentsoft has a patch for the above
::$DATA issue. The following was information recieved from the vendor.

You require build 542 (to fully disable the parsing of ::$DATA requires
using a newly rebuilt webplus.dll in addition to the use of build 542 of
webpsvc.exe web+ server)).

If you have any issues obtaining this patch please contact Talentsoft
support.

III. Disclaimer
============================================================================
THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
============================================================================
This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally
privileged.Copyright in them is reserved by Delphis Consulting PLC
["Delphis"] and they must not be disclosed to, or used by, anyone other than
the addressee.If you have received this e-mail and any accompanying files in
error, you may not copy, publish or use them in any way and you should
delete them from your system and notify us immediately.E-mails are not
secure. Delphis does not accept responsibility for changes to e-mails that
occur after they have been sent. Any opinions expressed in this e-mail may
be personal to the author and may not necessarily reflect the opinions of
Delphis

Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close