SurgeLDAP 1.0g Web service user.cgi File retrieval Release Date: April 13, 2004 Severity: Low Vendor: http://netwinsite.com Details: SurgeLDAP is an advanced easy to manage and install high performance LDAP v3 server. It supports any number of schemas, easy to add/modify existing schemas, integrated web based user access, and fast browser based administration tools. And all relevant RFC protocols LDAP v2, LDAP v3, HTTP.With its features, support and price it is more powerful and cost effective than any other solution. Compatible to suck data from existing LDAP servers for easy data population. With a build in web server allowing your users to search your LDAP, or administrate the database. A flaw has been found in "user.cgi" that allow a remote user to retrieve an file on a system. By supplying the value "../" in "page" parametre you can read files outside the WWW root. for example: http://[host]:6680/user.cgi?cmd=show&page=/../../../boot.ini Workaround: Disable Web administration service Exploit: http://members.lycos.co.uk/r34ct/main/surgeLDAP.exe Credit: Dr_insane Http://members.lycos.co.uk/r34ct/ Feedback Please send your comments to: dr_insane@pathfinder.gr ______________________________________________________________________________________ http://mobile.pathfinder.gr - Pathfinder Mobile logos & Ringtones! http://www.pathfinder.gr - Δωρεάν mail από τον Pathfinder!