texis(CGI) Path Disclosure Vulnerability

"- phinegeek -" <phine@anonymous.to> · Tue, 5 Feb 2002 21:13:44 -0800

Advisory:      texis(CGI) Path Disclosure Vulnerability
Application:   Thunderstone's texis(CGI)
Release Date:  02.05.02
Severity:      Any user can send an invalid path to texis(CGI)
            causing it to reveal the full path to the webroot.
               In some cases texis will display system specific
               information(OS, processor type).
Vendor Status: ThunderStone was contacted and has not responded since Jan.29.02

Summary:
 Texis is a relational database management system used for indexing site
 content and for its search engine capabilities. Texis runs on the major
 Unix systems and Windows NT/2000. Supported Unix flavors include Solaris,
 Linux, Tru64, FreeBSD, Irix, BSDI, HP-UX, AIX, SCO & Unixware.
 Texis is used by many government agencies and major companies including
 ZDNet, eBay, RSA Security and others. Content managed by Texis can be
 queried using the texis program. The texis program executes files written
 in Texis Web Script(aka Vortex), an HTML-based, server-side scripting
 language developed by Thunderstone. It can be invoked from the command
 line, or as a CGI from the web server. Specifying an invalid path to a
 script causes texis to reveal the full path to the webroot. In some cases
 texis will reveal system specific information such as operating system
 and processor type.

Disclaimer:
 This information is provided "AS IS". The author of this document
 disclaims all warranties, express and implied, with regard to this
 information. This information is provided only for legitimate security
 analysis purposes. The author does not condone the unauthorized access
 of systems, and specifically prohibits the use or reproduction of this
 information for such purposes. In no event shall the author be liable
 for any damages whatsoever arising out of or in connection with the use
 or dissemination of this information. Any use of this information is at
 the user's own risk.

Exploitation:

 ZDNet
 http://hotfiles.zdnet.com/cgi-bin/texis/phine
 eBay
 http://search.ebay.com/cgi-bin/texis/phine
 RSA Security
 http://www.rsasecurity.com/programs/texis.exe/phine
 Dogpile Search Engine
 http://dpcatalog.dogpile.com/texis/websearch/phine
 Washington Post
 http://adsite.washpost.com/cgi-bin/texis.exe/phine
 California Dept. of Education
 http://inet5.cde.ca.gov/scripts/texis.exe/phine

Author:
 phinegeek - phine@anonymous.to

------------------------------------------------------------
This email was sent through the free email service at http://www.anonymous.to/
To report abuse, please visit our website and click 'Contact Us.'  