COMMAND

    Ultraseek

SYSTEMS AFFECTED

    Ultraseek Server 3.0

PROBLEM

    The following is based on CHINANSL Security Advisory CSA-200012.
    The CHINANSL security team has found a security problem in Ultraseek
    Server 3.0.  A malicious user can obtain the absolute installation
    path and the source code of Ultraseek Server add-ons.

    Ultraseek Server includes an interpreter that processes its script
    files and executes the corresponding functions, but the way the
    server resolves requested paths can be abused to expose those
    script files instead of executing them.

    (1) Requesting a page that does not exist (labelled "run arbitrary
        command" in the original advisory) discloses installation
        details:

        http://target:8765/null.html

        Ultraseek Server will return:

        The path where Ultraseek Server is installed, along with other
        information.

    (2) The content of source code files can also be obtained with this
        bug by appending a trailing slash to the file name:

        http://target:8765/index.html/

    Ultraseek Server will return the content of index.html and of other
    source code files that Ultraseek Server uses.

    Sample:

        http://www.sun.com.cn:8765/index.html/
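    Since no fix is available, the practical defensive step is to watch
    access logs for the request shape described in (2): a page file name
    followed by a trailing slash.  The following detector is an added
    example, not part of the CHINANSL advisory or of Ultraseek; the log
    lines are constructed in Common Log Format for illustration, and the
    HTML-extension list and port are assumptions you would adapt to your
    own deployment.

```python
import re

# Constructed sample access-log lines (Common Log Format).  These are not
# real Ultraseek logs; they only illustrate input for the detector.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2000:12:00:01 +0000] "GET /index.html HTTP/1.0" 200 2048
10.0.0.5 - - [10/Dec/2000:12:00:02 +0000] "GET /index.html/ HTTP/1.0" 200 5120
10.0.0.7 - - [10/Dec/2000:12:00:03 +0000] "GET /query.html HTTP/1.0" 200 1024
10.0.0.9 - - [10/Dec/2000:12:00:04 +0000] "GET /help/search.html/ HTTP/1.0" 200 4096
10.0.0.9 - - [10/Dec/2000:12:00:05 +0000] "GET /docs/ HTTP/1.0" 200 512
"""

# Common Log Format: client, ident, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# A path whose last segment is a page file name followed by a trailing
# slash, e.g. "/index.html/".  The extension list is an assumption; extend
# it with whatever add-on script extensions your installation serves.
TRAILING_SLASH_RE = re.compile(r'/[^/]+\.(?:html|htm)/$', re.IGNORECASE)


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry['status'] = int(entry['status'])
    return entry


def is_source_disclosure_probe(path):
    """True if the request path has the '<page>.html/' shape from the advisory."""
    path = path.split('?', 1)[0]          # ignore any query string
    return bool(TRAILING_SLASH_RE.search(path))


def find_probes(log_text):
    """Return the parsed entries whose paths match the disclosure pattern."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_source_disclosure_probe(entry['path']):
            hits.append(entry)
    return hits


if __name__ == '__main__':
    for hit in find_probes(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} {hit['path']} "
              f"status={hit['status']} bytes={hit['size']}")
```

    A 200 response with a larger-than-usual body for such a request is
    the strongest signal that source was served rather than rendered;
    the detector flags the path shape and leaves the size comparison to
    the analyst, because normal page sizes differ per installation.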

SOLUTION

    Nothing yet.