GEN:SID | 1:2207 |
Message | WEB-CGI fileseek.cgi access |
Summary | This event is generated when an attempt is made to access fileseek.cgi on an internal web server. This may indicate an attempt to exploit a directory traversal or remote command execution vulnerability in Wiley Computer Publishing Craig Patchett FileSeek.cgi.
|
Impact | Information gathering or remote execution of arbitrary code.
|
Detailed Information | FileSeek.cgi is an example script that locates and downloads files on a web server, available in "The CGI/Perl Cookbook," written by Craig Patchett and published by John Wiley & Sons. It contains two vulnerabilities due to erroneous parsing -- an attacker could use "....//" in the HEAD or FOOT parameter of an HTTP request to fileseek.cgi to view arbitrary files on the server or could use a similar method to execute shell commands on the web server. Both actions will be performed with the security context of the web server.
|
Affected Systems | Any web server running fileseek.cgi.
|
Attack Scenarios | An attacker sends a specially crafted HTTP request to a vulnerable web server, and is then able to view files on the server. In addition, an attacker could send a specially crafted HTTP request that contains shell commands to the web server. The web server would then attempt to execute the commands in the request.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | |
Additional References | Bugtraq http://www.securityfocus.com/bid/6783 http://www.securityfocus.com/bid/6784
|
Rule References | bugtraq: 4579
bugtraq: 6784
cve: 2002-0611
nessus: 11748
|