SurgeLDAP 1.0g suffers from a directory traversal vulnerability in the user.cgi script due to a lack of input validation.
34ce5dbb260c3c2dd896e707f072cf00a0a21333f04143d00d8e2175bb2c19f1
SurgeLDAP 1.0g Web service user.cgi File retrieval
Release Date:
April 13, 2004
Severity:
Low
Vendor:
https://netwinsite.com
Details:
SurgeLDAP is an advanced, easy to manage and install, high performance LDAP v3 server. It supports any
number of schemas, easy addition and modification of existing schemas, integrated web based user access,
fast browser based administration tools, and all relevant RFC protocols (LDAP v2, LDAP v3, HTTP). With its
features, support and price it is more powerful and cost effective than any other solution.
It can pull data from existing LDAP servers for easy data population.
Its built-in web server lets your users search your LDAP directory or administer the database.
A flaw has been found in "user.cgi" that allows a remote user to retrieve a file on the system. By
supplying the value "../" in the "page" parameter you can read files outside the WWW root.
For example: https://[host]:6680/user.cgi?cmd=show&page=/../../../boot.ini
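The following is an added example and is not code from the advisory or from the vendor. It shows, from the defender's side, what the missing input validation in "user.cgi" should have looked like: `resolve_page()` maps a user-supplied "page" value onto a file under the document root and rejects any value (raw, percent-encoded, absolute, or backslash-separated) that would resolve outside that root, and `scan_access_log()` applies the same check to the "page" query value in constructed Common Log Format lines so that requests of the shape shown above can be flagged. The document root, the log format and the sample log lines are assumptions made for this example; the advisory does not state how SurgeLDAP logs requests.

```python
"""Added example (not from the advisory or the vendor): document-root
confinement for a user-supplied `page` parameter, plus a small access-log
check for requests that would have escaped the root."""
import re
from pathlib import Path, PurePosixPath
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed document root for the web service; the advisory does not state it.
WWW_ROOT = "/var/www"


def resolve_page(www_root: str, page: str) -> Optional[Path]:
    """Return the file under www_root that `page` refers to, or None if the
    value would leave the document root (the advisory's "../" case)."""
    root = Path(www_root).resolve()
    # Decode percent-encoding once so "%2e%2e%2f" is seen as "../", and treat
    # backslashes as separators (the example target in the advisory is a
    # Windows host, where "..\" escapes just as "../" does).
    decoded = unquote(page).replace("\\", "/")
    parts = PurePosixPath(decoded)
    # Refuse absolute paths and any explicit parent-directory component;
    # the vulnerable script joined the raw value without either check.
    if parts.is_absolute() or ".." in parts.parts:
        return None
    candidate = (root / decoded).resolve()
    # Final check on the resolved path: it must be strictly below the root,
    # which also catches symlinks and platform path quirks that a string
    # comparison alone would miss.
    if root not in candidate.parents:
        return None
    return candidate


# Constructed access-log lines in Common Log Format (assumption for this
# example). Only the first request is legitimate.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Apr/2004:10:00:01 +0000] "GET /user.cgi?cmd=show&page=index.htm HTTP/1.0" 200 512
10.0.0.9 - - [13/Apr/2004:10:00:07 +0000] "GET /user.cgi?cmd=show&page=/../../../boot.ini HTTP/1.0" 200 300
10.0.0.9 - - [13/Apr/2004:10:00:09 +0000] "GET /user.cgi?cmd=show&page=%2e%2e%2f%2e%2e%2fwin.ini HTTP/1.0" 200 120
"""

# Pull the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def scan_access_log(text: str, www_root: str = WWW_ROOT) -> List[str]:
    """Return the request targets whose `page` query value resolve_page()
    would reject, i.e. attempts to read outside the document root."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        query = parse_qs(urlsplit(target).query)  # parse_qs already decodes
        for page in query.get("page", []):
            if resolve_page(www_root, page) is None:
                hits.append(target)
    return hits


if __name__ == "__main__":
    for target in scan_access_log(SAMPLE_LOG):
        print("traversal attempt:", target)
```

The two-stage check (reject ".." and absolute paths up front, then compare the fully resolved path against the resolved root) is deliberate: the first stage gives a clear rejection for the common case, while the second is what actually enforces the boundary, because it operates on the path the operating system will open rather than on the string the client sent.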
Workaround:
Disable Web administration service
Exploit:
https://members.lycos.co.uk/r34ct/main/surgeLDAP.exe
Credit:
Dr_insane
Http://members.lycos.co.uk/r34ct/
Feedback
Please send your comments to: dr_insane@pathfinder.gr