![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: "- phinegeek -" <phine@anonymous.to>
To: vuln-dev@securityfocus.com
Subject: texis(CGI) Path Disclosure Vulnerability
Date: Tue, 5 Feb 2002 21:13:44 -0800
Advisory: texis(CGI) Path Disclosure Vulnerability
Application: Thunderstone's texis(CGI)
Release Date: 02.05.02
Severity: Any user can send an invalid path to texis(CGI)
causing it to reveal the full path to the webroot.
In some cases texis will display system specific
information(OS, processor type).
Vendor Status: ThunderStone was contacted and has not responded since Jan.29.02
Summary:
Texis is a relational database management system used for indexing site
content and for its search engine capabilities. Texis runs on the major
Unix systems and Windows NT/2000. Supported Unix flavors include Solaris,
Linux, Tru64, FreeBSD, Irix, BSDI, HP-UX, AIX, SCO & Unixware.
Texis is used by many government agencies and major companies including
ZDNet, eBay, RSA Security and others. Content managed by Texis can be
queried using the texis program. The texis program executes files written
in Texis Web Script(aka Vortex), an HTML-based, server-side scripting
language developed by Thunderstone. It can be invoked from the command
line, or as a CGI from the web server. Specifying an invalid path to a
script causes texis to reveal the full path to the webroot. In some cases
texis will reveal system specific information such as operating system
and processor type.
Disclaimer:
This information is provided "AS IS". The author of this document
disclaims all warranties, express and implied, with regard to this
information. This information is provided only for legitimate security
analysis purposes. The author does not condone the unauthorized access
of systems, and specifically prohibits the use or reproduction of this
information for such purposes. In no event shall the author be liable
for any damages whatsoever arising out of or in connection with the use
or dissemination of this information. Any use of this information is at
the user's own risk.
Exploitation:
ZDNet
http://hotfiles.zdnet.com/cgi-bin/texis/phine
eBay
http://search.ebay.com/cgi-bin/texis/phine
RSA Security
http://www.rsasecurity.com/programs/texis.exe/phine
Dogpile Search Engine
http://dpcatalog.dogpile.com/texis/websearch/phine
Washington Post
http://adsite.washpost.com/cgi-bin/texis.exe/phine
California Dept. of Education
http://inet5.cde.ca.gov/scripts/texis.exe/phine
Author:
phinegeek - phine@anonymous.to
------------------------------------------------------------
This email was sent through the free email service at http://www.anonymous.to/
To report abuse, please visit our website and click 'Contact Us.'