[NEWS] Texis CGI Path Disclosure Vulnerability
From: support@securiteam.com Date: 02/11/02
- Previous message: support@securiteam.com: "[NEWS] MSN Contact List Disclosure"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Mon, 11 Feb 2002 20:06:05 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Texis CGI Path Disclosure Vulnerability
------------------------------------------------------------------------
SUMMARY
Texis (<http://www.thunderstone.com/texis/site/pages/Products.html>) is the
only fully integrated SQL RDBMS that intelligently queries and manages
databases containing natural language text, standard data types,
geographic information, images, video, audio, and other payload data.
Any user can send an invalid path to Texis causing it to reveal the full
path to the web root.
Also, in some cases Texis will display system specific information (OS,
processor type).
DETAILS
Texis is a relational database management system used for indexing site
content and for its search engine capabilities. Texis runs on the major
UNIX systems and Windows NT/2000. Supported UNIX flavors include Solaris,
Linux, Tru64, FreeBSD, IRIX, BSDI, HP-UX, AIX, SCO, and UnixWare. Texis is
used by many government agencies and major companies including ZDNet,
eBay, RSA Security and others. Content managed by Texis can be queried
using the Texis program. The Texis program executes files written in Texis
Web Script (a.k.a. Vortex), an HTML-based, server-side scripting language
developed by Thunderstone. It can be invoked from the command line, or as
a CGI from the web server. Specifying an invalid path to a script causes
Texis to reveal the full path to the web root.
Exploitation:
- ZDNet: http://hotfiles.zdnet.com/cgi-bin/texis/phine
- eBay: http://search.ebay.com/cgi-bin/texis/phine
- RSA Security: http://www.rsasecurity.com/programs/texis.exe/phine
- Dogpile Search Engine: http://dpcatalog.dogpile.com/texis/websearch/phine
- Washington Post: http://adsite.washpost.com/cgi-bin/texis.exe/phine
- California Dept. of Education: http://inet5.cde.ca.gov/scripts/texis.exe/phine
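The defensive counterpart to the behaviour described above is to notice when an error page echoes a filesystem path or platform details back to the client, and to strip them before the response leaves the server. The following Python is an added example written for this page; it is not code from the advisory or from Thunderstone, and the Texis-style error strings it scans are constructed samples, not captured output. It flags absolute UNIX and Windows paths and the operating-system names the advisory lists, and offers a sanitizer that replaces disclosed paths with a fixed placeholder.

```python
import re

# Heuristic for an absolute UNIX path with at least one directory component.
# The lookbehind skips slashes that follow a word character or another slash,
# so "http://host/cgi-bin/texis/phine" is left alone but a bare
# " /usr/local/www/cgi-bin/texis/phine" in an error message is caught.
UNIX_PATH_RE = re.compile(r"(?<![\w/])/(?:[\w.-]+/)+[\w.-]*")

# Windows drive-letter path: C:\inetpub\scripts\texis.exe\phine or D:/www/x.
# "\b" before the drive letter keeps the "p:" of "http:" from matching.
WIN_PATH_RE = re.compile(r"\b[A-Za-z]:[\\/](?:[\w. -]+[\\/])*[\w.-]*")

# Platform names taken from the list of systems the advisory says Texis runs on;
# their presence in an error body is a secondary signal of information leakage.
OS_HINT_RE = re.compile(
    r"\b(SunOS|Solaris|Linux|Tru64|FreeBSD|IRIX|BSDI|HP-UX|AIX|SCO|UnixWare|"
    r"Windows NT|Windows 2000)\b"
)

# Constructed sample error bodies (assumed wording, not real Texis output).
SAMPLE_UNIX = (
    "Texis: can't open script /usr/local/www/cgi-bin/texis/phine: "
    "No such file or directory"
)
SAMPLE_WIN = r"Cannot open script C:\Inetpub\scripts\texis.exe\phine (OS error 2)"
SAMPLE_OS = "Server: SunOS 5.8 sparc"


def find_path_disclosures(body: str) -> list:
    """Return every absolute filesystem path found in an HTTP response body."""
    found = []
    for rx in (UNIX_PATH_RE, WIN_PATH_RE):
        found.extend(m.group(0) for m in rx.finditer(body))
    return found


def find_os_hints(body: str) -> list:
    """Return operating-system names echoed in the body, in order of appearance."""
    return [m.group(1) for m in OS_HINT_RE.finditer(body)]


def is_information_leak(body: str) -> bool:
    """True when the body discloses a filesystem path or a platform name."""
    return bool(find_path_disclosures(body) or find_os_hints(body))


def sanitize_error(body: str, placeholder: str = "[path removed]") -> str:
    """Replace disclosed paths with a placeholder before the body reaches the client.

    Windows paths are handled first so that a forward-slash variant such as
    "D:/www/site" is not partially consumed by the UNIX pattern.
    """
    out = WIN_PATH_RE.sub(placeholder, body)
    return UNIX_PATH_RE.sub(placeholder, out)


if __name__ == "__main__":
    for sample in (SAMPLE_UNIX, SAMPLE_WIN, SAMPLE_OS):
        print("leak:", is_information_leak(sample), "|", sanitize_error(sample))
```

Running the module prints each constructed sample with its leak verdict and its sanitized form; the same `is_information_leak` check can be run over captured 4xx/5xx bodies from a staging crawl to find CGI handlers that still echo server-side paths.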
ADDITIONAL INFORMATION
The information has been provided by phinegeek <mailto:phine@anonymous.to>.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.