Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1397 |
| Message | WEB-CGI wayboard attempt |
| Summary | Someone may have attempted to exploit a vulnerable in the CGI program way-board.cgi to read arbitrary files. |
| Impact | An attacker could have viewed sensitive documents and system files. This could be a precursor to a future attack. |
| Detailed Information | Way-board is a Korean webboard web application. It contains a vulnerability that can allow an attacker to view the contents of any file on the system accessible to the web user. |
| Affected Systems | |
| Attack Scenarios | Attacker sends a simple URL like the following: http://www.victim.com/way-board/way-board.cgi?db=url_to_any_file%00 |
| Ease of Attack | Very simple handcrafted URL. |
| Corrective Action | Examine the packet to see if a web request against way-board.cgi was being done. Try to determine what the requested file was, and determine from the web server's configuration whether it was a threat or not (i.e., whether the webserver had way-board.cgi on it). |
| Additional References | |
| Rule References | bugtraq: 2370 cve: 2001-0214 nessus: 10607 |
--
DID:711500
--
http://www.aanval.com/