9 lines
No EOL
614 B
Text
9 lines
No EOL
614 B
Text
source: https://www.securityfocus.com/bid/1720/info
|
|
|
|
Talentsoft Web+ is a web application server that can be integrated with various web technologies.
|
|
|
|
A vulnerability exists in one of the CGI applications implemented by Web+. It is possible for a remote user to retrieve the internal IP address in a NAT environment running Web+. Requesting a specially crafted URL containing the 'about' argument will disclose the internal IP address behind the NAT.
|
|
|
|
Successful exploitation of this vulnerability could aid in further and more complicated attacks against the target site.
|
|
|
|
http://target/cgi-bin/webplus.exe?about |