header-logo
Suggest Exploit
vendor:
Freeware Guestbook Package
by:
SecurityFocus
6.4
CVSS
MEDIUM
Arbitrary File Retrieval
22
CWE
Product Name: Freeware Guestbook Package
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Freeware Guestbook Package Arbitrary File Retrieval Vulnerability

The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook (undetermined at the time of writing) are vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. This can be accomplished by specifying the path and filename as the parameter 'template' to either rguest.exe or wguest.exe - see Exploit for example. These two programs typically reside in /cgi-bin.

Mitigation:

Ensure that the web server is configured to only serve files from the intended directory, and that the guestbook package is kept up to date.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2024/info
 
The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook (undetermined at the time of writing) are vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. This can be accomplished by specifying the path and filename as the parameter "template" to either rguest.exe or wguest.exe - see Exploit for example. These two programs typically reside in /cgi-bin.

http://server/cgi-bin/rguest.exe?template=c:\winnt\system32\$winnt$.inf will return the $winnt$.inf file

Navigation

Suggest Exploit

Services By CQR