Critical Path InJoin Directory Server 4.0 - File Disclosure

EDB-ID:

21445




Platform:

Multiple

Date:

2002-05-10


source: https://www.securityfocus.com/bid/4718/info

Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory Server is provided for Microsoft Windows operating systems and Unix variants. iCon is the administrative web interface for the inJoin Directory Server.

An attacker with a valid administrative username and password is able to view any file on the system that is accessible to the owner of the iCon process. The contents of arbitrary webserver readable files can be disclosed by supplying their path as the log entry parameter when viewing log entries. 

http://ip:1500/CONF&LOG=/etc/passwd&NOIH=no&FRAMES=y

Here the attacker is able to view the contents of /etc/passwd.