CVSS: 5.5 (MEDIUM)
Type: Information Disclosure
CWE: 22

CGI Script Filename Information Disclosure Vulnerability

Appending "%00" to the end of a CGI script filename allows a remote client to view the full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. This vulnerability can be exploited by accessing the script through a URL like "http://target/script.cgi%00". The "%00" can be replaced with "%G0", "%W0", "%EW", "%FG", "%UW", or "%VG" to achieve the same results.

Mitigation:

Disable the "allow CGIs anywhere" option in the CGI module configuration. Keep CGI scripts in directories designated as executable, such as "cgi-bin"; scripts located there are not vulnerable.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/977/info

Appending "%00" to the end of a CGI script filename will permit a remote client to view the full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in directories which are designated as executable (e.g. \cgi-bin) are not vulnerable to this exploit.

http://target/script.cgi%00

"%00" may be replaced with "%G0", "%W0", "%EW", "%FG", "%UW", or "%VG" in order to achieve the same results.
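
Added example (not part of the original advisory or of the affected product's code): a strict request-path check that rejects encoded NUL bytes and malformed percent-escapes, which covers every suffix listed above. The `lenient_nibble` model is an assumption, not something the advisory states; it shows one decoder behaviour under which all seven listed suffixes collapse to the same NUL byte, which is why filtering only the literal "%00" is not enough.

```python
import re

# Suffixes listed in the advisory text above.
ADVISORY_SUFFIXES = ["%00", "%G0", "%W0", "%EW", "%FG", "%UW", "%VG"]

def lenient_nibble(ch):
    """ASSUMED decoder model (not documented on the page): any letter is
    treated as a hex digit via (letter - 'A' + 10) with no range check."""
    ch = ch.upper()
    return ord(ch) - ord("0") if ch.isdigit() else ord(ch) - ord("A") + 10

def lenient_decode_escape(escape):
    """Decode '%XY' the assumed lenient way, truncated to a single byte."""
    return (lenient_nibble(escape[1]) * 16 + lenient_nibble(escape[2])) & 0xFF

_VALID_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

def reject_reason(path):
    """Strict check for a raw request path: return a reason string if the
    path must be rejected before any filename handling, else None."""
    i = 0
    while i < len(path):
        if path[i] == "%":
            esc = path[i:i + 3]
            if not _VALID_ESCAPE.fullmatch(esc):
                return "malformed percent-escape " + repr(esc)
            if int(esc[1:], 16) == 0:
                return "encoded NUL byte"
            i += 3
        else:
            if path[i] == "\x00":
                return "raw NUL byte"
            i += 1
    return None

# Constructed sample request paths (not taken from real logs).
SAMPLES = ["/script.cgi" + s for s in ADVISORY_SUFFIXES] + ["/docs/a%20b.html"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", reject_reason(p) or "ok")
```

The same `reject_reason` function can be run over the request-path field of access logs to flag past requests of this shape.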