header-logo
Suggest Exploit
vendor:
cached_feed
by:
SecurityFocus
7.5
CVSS
HIGH
File Disclosure Vulnerability
22
CWE
Product Name: cached_feed
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: N/A
CPE: a:moreover.com:cached_feed:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Moreover.com ‘cached_feed’ CGI Script File Disclosure Vulnerability

The 'cached_feed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtain_file' function, designed to return the contents of a specified file for display in the browser, fails to adequately filter ".." character sequences in user-supplied input. As a result, a carefully formed URL that is submitted to the script can result in the disclosure of files (readable by HTTP user) outside of the CGI script's "allowed" area.

Mitigation:

Upgrade to version 2.0 of the product
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1762/info


The 'cached_feed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtain_file' function, designed to return the contents of a specified file for display in the browser, fails to adequately filter ".." character sequences in user-supplied input. As a result, a carefully formed URL that is submitted to the script can result in the disclosure of files (readable by HTTP user) outside of the CGI script's "allowed" area.

Version 1.0 of the product is affected. The vendor repaired the script and released version 2.0 before this vulnerability was published. 

http://www.example.com/cgi-bin/cached_feed.cgi?../../../.+/etc/passwd