header-logo
Suggest Exploit
vendor:
Ultraseek Server
by:
SecurityFocus
7.5
CVSS
HIGH
Source Disclosure
20
CWE
Product Name: Ultraseek Server
Affected Version From: 3
Affected Version To: 3
Patch Exists: NO
Related CWE: N/A
CPE: //a:ultraseek_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001

Ultraseek Server 3.0 Source Disclosure Vulnerability

Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form: http://target:8765/somefile.html/ will return the source to 'somefile.html'. As a result, it is possible for an attacker to obtain source code to any Ultraseek scripts, which could be used to support further attacks.

Mitigation:

Validate user-supplied input to prevent source code disclosure.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2061/info


A vulnerability exists in version 3.0 of Ultrseek server (aka Inktomi Search).

Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:

http://target:8765/somefile.html/

will return the source to 'somefile.html'.

As a result, it is possible for an attacker to obtain source code to any Ultraseek scripts, which could be used to support further attacks.

Navigation

Suggest Exploit

Services By CQR