||Home : Advisories : Multiple Issues with Talentsoft WebPlus Application Server|
||Multiple Issues with Talentsoft WebPlus Application Server
||Delphis Consulting Plc
||19th September 2000
Delphis Consulting Plc
Security Team Advisories
Adv : DST2K0032
Title : Multiple Issues with Talentsoft WebPlus Application Server
Author : DCIST (email@example.com)
O/S : Microsoft Windows Nt 2000 Professional (SP1) / Linux
Product : Web+ Server Version: 4.6 Client-Server NT
(webpsvc.exe Build 539)
Web+ Monitor Version: 4.6 Client-Server NT (Build
Web+ Client Version: 4.6 NT (Build 25)
Date : 19/09/2000
Vendor URL: http://www.talentsoft.com
Delphis Consulting Internet Security Team (DCIST) discovered the following
vulnerability in Webplus under Windows NT.
Severity: low - Path revealing
It is possible to cause Webplus to reveal the physical path which it is
installed within. This is done by executing the CGI application and passing
a single .
This will respond with an error message detailing the physical path.
Severity: low - Internal IP address leakage
If your server is being NAT'd (i.e. located behind a firewall/load balancer)
it is possible to retrieve your internal IP address by passing the about
option to the cgi application.
Severity: medium - Source code viewing on NTFS partitions
It is possible to cause Webplus to reveal the source code of the WML files
which are located on NTFS partitions. This is done by appending the data
you wish on to the WML file.
The danger here as the Delphis team have demonstrated is being able to
DSN information (datasource, table names, usernames & passwords). It is also
possible if the Script root has been set to the webroot to read the source
code of other script files (i.e. ASP).
Vendor Status: Informed
Delphis are happy to announce that Talentsoft has a patch for the above
::$DATA issue. The following was information recieved from the vendor.
You require build 542 (to fully disable the parsing of ::$DATA requires
using a newly rebuilt webplus.dll in addition to the use of build 542 of
webpsvc.exe web+ server)).
If you have any issues obtaining this patch please contact Talentsoft
THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally
privileged.Copyright in them is reserved by Delphis Consulting PLC
["Delphis"] and they must not be disclosed to, or used by, anyone other than
the addressee.If you have received this e-mail and any accompanying files in
error, you may not copy, publish or use them in any way and you should
delete them from your system and notify us immediately.E-mails are not
secure. Delphis does not accept responsibility for changes to e-mails that
occur after they have been sent. Any opinions expressed in this e-mail may
be personal to the author and may not necessarily reflect the opinions of