Rule:  
--

Sid:
1397

--

Summary:
Someone may have attempted to exploit a vulnerable in the CGI program
way-board.cgi to read arbitrary files.

--
Impact:
An attacker could have viewed sensitive documents and system files.  This
could be a precursor to a future attack.

--
Detailed Information:
Way-board is a Korean webboard web application.  It contains a vulnerability
that can allow an attacker to view the contents of any file on the system
accessible to the web user.

--
Affected Systems:
 
--
Attack Scenarios:
Attacker sends a simple URL like the following:
http://www.victim.com/way-board/way-board.cgi?db=url_to_any_file%00

--
Ease of Attack:
Very simple handcrafted URL.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:
Examine the packet to see if a web request against way-board.cgi was
being done.  Try to
determine what the requested file was, and determine
from the web server's configuration whether it was a threat or not
(i.e., whether the webserver had way-board.cgi on it).

--
Contributors:
Original rule writer unknown
Original document author unkown
Sourcefire Vulnerability Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:
Bugtraq:  BID 2370
CVE:  CAN-2001-0214
