header-logo
Suggest Exploit
vendor:
csPassword.cgi
by:
Mike Barone and Andy Angrick
5
CVSS
MEDIUM
Disclosure of sensitive information
200
CWE
Product Name: csPassword.cgi
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Disclosure of sensitive information

A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses potentially sensitive information to a user. When an error occurs with the csPassword.cgi script, it displays an error message with a lot of debugging information, including the full path to the script, the name of the script, and the name of the function that was called.

Mitigation:

Ensure that the csPassword.cgi script is configured to not display debugging information when an error occurs.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4887/info

CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick.

A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses potentially sensitive information to a user. When an error occurs with the csPassword.cgi script, it displays an error message with a lot of debugging information.

http://target/csPassword.cgi?command=remove

This will cause csPassword to execute the remove() function. This function is not defined and thus will cause an error page to be displayed.

Navigation

Suggest Exploit

Services By CQR