11 lines
No EOL
744 B
Text
11 lines
No EOL
744 B
Text
source: https://www.securityfocus.com/bid/2017/info
|
|
|
|
IBM Net.Data is a scripting language used to create web applications, it supports a wide range of language environments and is compatible with most recognized databases.
|
|
|
|
Net.Data contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, comprised of an invalid request and known database, will reveal the physical path of server files.
|
|
|
|
Successful exploitation of this vulnerability could assist in further attacks against the victim host.
|
|
|
|
http://target/cgi-bin/db2www/library/document.d2w/show
|
|
|
|
DTWP029E: Net.Data is unable to locate the HTML block SHOW in file /projects/www/netdata/macro/software/library/document.d2w. |