MIMAnet Source Viewer Directory Traversal

vendor:

Source Viewer

by:

SecurityFocus

8.3

CVSS

HIGH

Directory Traversal

CWE

Product Name: Source Viewer

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: CVE-2001-0206

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2001

MIMAnet Source Viewer Directory Traversal

MIMAnet Source Viewer is a freely available CGI script which allows users to view the source code of files located elsewhere on the server. Unfortunately, it does not filter '..' and '/' characters, which can be misinterpreted by the script and cause files outside of the intended directory to be opened. As a result, it may be possible for attackers to view the contents of arbitrary webserver-readable files on the filesystem.

Mitigation:

Filter out '..' and '/' characters from user input.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2762/info

MIMAnet Source Viewer is a freely available CGI script which allows users to view the source code of files located elsewhere on the server.

Source Viewer accepts an argument, 'loc', which it uses as the filename when opening the requested file. Unfortunately it does not filter '..' and '/' characters, which can be misinterpreted by the script and cause files outside of the intended directory to be opened. As a result, it may be possible for attackers to view the contents of arbitrary webserver-readable files on the filesystem.

The following URL demonstrates the problem:

http://localhost/cgi-bin/viewsrc.cgi?
loc=../[any file outside restricted directory]