Inktomi Search Software 3.0 - Source Disclosure

Author: china nsl
type: remote
platform: multiple
port: 
date_added: 2000-12-05  
date_updated: 2012-08-13  
verified: 1  
codes: OSVDB-88576  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 20467.txt  

source: https://www.securityfocus.com/bid/2061/info


A vulnerability exists in version 3.0 of Ultrseek server (aka Inktomi Search).

Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:

http://target:8765/somefile.html/

will return the source to 'somefile.html'.

As a result, it is possible for an attacker to obtain source code to any Ultraseek scripts, which could be used to support further attacks.