[33158] in bugtraq
WebTrends Reporting Center Path Disclosure vulnerability
daemon@ATHENA.MIT.EDU (Oliver Karow)
Tue Jan 20 17:58:00 2004
Date: Tue, 20 Jan 2004 22:26:53 +0100 (MET)
From: "Oliver Karow" <Oliver.Karow@gmx.de>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Message-ID: <2683.1074634013@www60.gmx.net>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
WebTrends Reporting Center Path Disclosure vulnerability
========================================================
Problem:
========
WebTrends Reporting Center is administrated via a web interface.
It seems to be possible to disclose the physical path to the application.
This information could be useful to a malicious user wishing to gain
illegal access to resources on the server.
Vulnerable:
===========
WebTrends Reporting Center - Enterprise Edition
Version: 6.1a
Platform: win32
Built: 7591
Exploiting:
===========
http://server:1099/viewreport.pl?profileid=dontexist
(see http://www.oliverkarow.de/research/WT.jpg )
Product Description
===================
See www.webtrends.com for more information :)
Vendor status
=============
Vendor was informed on 05/january/2004, and acknowledged the receipt of
the message....that's all :(
Author:
=======
www.oliverkarow.de
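A defender-side check for the condition this advisory describes, as an added example that is not part of the original post: it scans an HTTP error body for absolute win32 paths and redacts them before the page is served. The sample error page, the path inside it and the function names are constructed for illustration; the actual WebTrends error text is not reproduced in the post.

```python
import re

# Absolute win32 paths: drive-letter (C:\...) or UNC (\\host\share\...).
# The lookbehind stops "http://server:1099/" from matching as drive "p:".
WIN_PATH = re.compile(
    r"(?<![A-Za-z0-9])(?:[A-Za-z]:[\\/]|\\\\[^\\/\s]+[\\/])[^\s\"'<>|*?:]+"
)
TRAILING = ".,;)"  # sentence punctuation that is not part of the path


def _split(match):
    """Separate the path itself from punctuation that merely follows it."""
    text = match.group(0)
    core = text.rstrip(TRAILING)
    return core, text[len(core):]


def find_path_leaks(body: str) -> list[str]:
    """Return absolute win32 paths found in a response body.

    Matching stops at whitespace, so a path containing spaces is
    reported truncated, but it is still flagged.
    """
    return [_split(m)[0] for m in WIN_PATH.finditer(body)]


def redact_paths(body: str) -> str:
    """Replace every leaked path with a fixed marker, keeping punctuation."""
    return WIN_PATH.sub(lambda m: "[path removed]" + _split(m)[1], body)


# Constructed sample: an error page of the kind returned for an unknown
# profileid. The path is a placeholder, not a real install location.
SAMPLE_ERROR = (
    "<html><body><h1>Error</h1>"
    r"<p>Unable to open C:\EXAMPLE\install\profiles\dontexist.cfg.</p>"
    '<a href="http://server:1099/viewreport.pl?profileid=dontexist">retry</a>'
    "</body></html>"
)

if __name__ == "__main__":
    for leak in find_path_leaks(SAMPLE_ERROR):
        print("path disclosed:", leak)
    print(redact_paths(SAMPLE_ERROR))
```

Run against the error responses of a test deployment, a non-empty result from `find_path_leaks` marks a page that still discloses its install path.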