Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2223 |
Message | WEB-CGI csNews.cgi access |
Summary | This event is generated when an attempt is made to access csNews.cgi on an internal web server. This may indicate an attempt to exploit a file disclosure vulnerability in csNews.cgi, a script distributed by CGIScript.NET. |
Impact | Information disclosure. The attacker must have an authenticated account to successfully execute this exploit. |
Detailed Information | csNews.cgi is a Perl script that manages web-based news items, and contains a vulnerability in its ability to decode and filter out double-decoded URL data on the Advanced Settings page. An authenticated attacker can insert double-decoded directory traversals and file names into the header or footer parameters in csNews.cgi, and the files will appear in the header or footer of the page. |
Affected Systems | Systems running CGISCRIPT.NET csNews 1.0 or CGISCRIPT.NET csNews Professional 1.0 |
Attack Scenarios | An attacker crafts a URL with /../../passwd double-encoded in the header or footer parameter. If the password file exists in that location, the file will appear in the header or footer of the web page. |
Ease of Attack | Simple. Exploits exist. |
Corrective Action | It is not known if this vulnerability has been patched or fixed in later versions. Contact the vendor for more information. |
Additional References | |
Rule References | bugtraq: 4994 cve: 2002-0923 nessus: 11726 |
--
DID:342367
--
http://www.aanval.com/