O'Reilly WebSite Pro Write Access Vulnerability

By default, O'Reilly WebSite Pro installs the following directories under the web root, readable by any user:

cgi-win
cgi-shl
cgi-src
cgi-temp

The program uploader.exe exists in the /cgi-win directory. Any remote user can execute this program by performing a GET request for http://target/cgi-win/uploader.exe. This program will allow the user to upload any file to the remote server.
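A log check a server owner could run for the request described above, as an added example that is not part of the original advisory. It assumes the access log is in NCSA Common Log Format; the sample lines and addresses are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: the access log uses NCSA Common Log Format.
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
TARGET = "/cgi-win/uploader.exe"  # path named in the advisory

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2010:10:01:02 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [12/Mar/2010:10:04:11 -0500] "GET /cgi-win/uploader.exe HTTP/1.0" 200 512',
    '198.51.100.7 - - [12/Mar/2010:10:04:40 -0500] "POST /CGI-WIN/Uploader.EXE HTTP/1.0" 200 87',
    '203.0.113.5 - - [12/Mar/2010:11:20:00 -0500] "GET /cgi-win/%75ploader.exe?x=1 HTTP/1.0" 404 0',
    '192.0.2.10 - - [12/Mar/2010:11:21:00 -0500] "GET /docs/uploader.exe.txt HTTP/1.0" 200 20',
]


def normalize(raw_target):
    """Reduce a request target (path or absolute URL) to a comparable path."""
    path = urlsplit(raw_target).path          # drops scheme, host and query string
    for _ in range(3):                        # repeat to catch double-encoded paths
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Windows paths are case-insensitive and accept '\' as a separator.
    path = path.replace("\\", "/").lower()
    parts = []
    for seg in path.split("/"):
        if seg == "..":
            del parts[-1:]                    # step up one level, never above the root
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts)


def find_uploader_hits(lines):
    """Return one record per logged request that resolves to TARGET, any method."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m and normalize(m.group(4)) == TARGET:
            hits.append({"host": m.group(1), "time": m.group(2),
                         "method": m.group(3), "status": int(m.group(5))})
    return hits


if __name__ == "__main__":
    for hit in find_uploader_hits(SAMPLE_LOG):
        print(hit)
```

A hit with a 2xx status shows the program was reachable and answered; a 404 still records that someone probed for it.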


 

Copyright 2010, SecurityFocus