[28442] in bugtraq
Vulnerability in WebCollection Plus (TM)
daemon@ATHENA.MIT.EDU (f0urtyfive@ceteranet.com)
Wed Jan 15 15:51:01 2003
Message-ID: <3726.66.240.41.103.1042556889.squirrel@www.ceteranet.com>
Date: Tue, 14 Jan 2003 10:08:09 -0500 (EST)
From: <f0urtyfive@ceteranet.com>
To: <bugtraq@securityfocus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

These vulnerabilities were found / tested on:
WebCollection Plus (TM)
Copyright 2001 Follett Software Company
Version 5.00
Revision 12-01-A Dec 19 2001

Program protects from reading other non-webserver accessible files by
checking for a : or excessive .'s in a string. If the URL has a / at the
beginning, it has the effect of reading from C:\. For example, to read
C:\bootlog.txt, the URL to use is something like

http://vulnerableserver/wx/s.dll?d=/bootlog.txt

Found the latest version revision is 5.05, but could not find a 5.05
copy to test on.

Manufacturer of program was contacted by phone, and the vulnerability was
reported to them. Follett Software has not replied concerning not being
submitted to bugtraq, so I have to assume they do not care.

f0urtyfive
www.ceteranet.com
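
The filter weakness described in the message above, shown beside a containment check that closes it. This is an added example, not part of the original post and not the vendor's code. BASE_DIR, the function names, the sample values and the reading of "excessive .'s" as ".." are assumptions.

```python
import ntpath  # Windows path rules; runs on any OS

# Assumed document root: the post does not say where s.dll serves files from.
BASE_DIR = r"C:\wx\docs"

def char_filter(name: str) -> bool:
    """The check as the post describes it: refuse ':' or a run of dots.
    Treating '..' as the "excessive dots" threshold is an assumption."""
    return ":" not in name and ".." not in name

def resolve(name: str) -> str:
    """Where the request value lands when joined onto BASE_DIR."""
    return ntpath.normpath(ntpath.join(BASE_DIR, name))

def contained(name: str) -> bool:
    """Hardened check: keep the character filter, then require that the
    resolved path is still below BASE_DIR."""
    if not name or "\x00" in name or not char_filter(name):
        return False
    base = ntpath.normcase(ntpath.normpath(BASE_DIR))
    target = ntpath.normcase(resolve(name))
    try:
        return target != base and ntpath.commonpath([base, target]) == base
    except ValueError:  # e.g. UNC path: different drive from BASE_DIR
        return False

# Constructed sample values for the d= parameter.
SAMPLES = ["catalog.htm", "sub/page.htm", "/bootlog.txt", "\\bootlog.txt",
           "..\\..\\bootlog.txt", "C:\\bootlog.txt", "\\\\host\\share\\x"]

def audit(samples=SAMPLES):
    """Return (value, resolved path, filter verdict, containment verdict)."""
    return [(s, resolve(s), char_filter(s), contained(s)) for s in samples]

if __name__ == "__main__":
    for value, path, weak, strong in audit():
        print(f"{value!r:24} -> {path!r:32} filter={weak!s:5} contained={strong}")
```

A leading / or \ passes the character filter because a rooted path needs neither a colon nor dots, and Windows resolves it against the root of the current drive. Only the check on the resolved path catches it.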