|
|
|
|
| |
Texis is the only fully integrated SQL RDBMS that intelligently queries and manages databases containing natural language text, standard data types, geographic information, images, video, audio, and other payload data.
Any user can send an invalid path to Texis causing it to reveal the full path to the web root.
Also, in some cases Texis will display system specific information (OS, processor type). |
| |
Credit:
The information has been provided by - phinegeek -.
|
| |
Texis is a relational database management system used for indexing site content and for its search engine capabilities. Texis runs on the major UNIX systems and Windows NT/2000. Supported UNIX flavors include Solaris, Linux, Tru64, FreeBSD, IRIX, BSDI, HP-UX, AIX, SCO, and UnixWare. Texis is used by many government agencies and major companies including ZDNet, eBay, RSA Security and others. Content managed by Texis can be queried using the Texis program. The Texis program executes files written in Texis Web Script (a.k.a Vortex), an HTML-based, server-side scripting language developed by Thunderstone. It can be invoked from the command line, or as a CGI from the web server. Specifying an invalid path to a script causes Texis to reveal the full path to the web root.
Exploitation:
ZDNet
http://hotfiles.zdnet.com/cgi-bin/texis/phine
eBay
http://search.ebay.com/cgi-bin/texis/phine
RSA Security
http://www.rsasecurity.com/programs/texis.exe/phine
Dogpile Search Engine
http://dpcatalog.dogpile.com/texis/websearch/phine
Washington Post
http://adsite.washpost.com/cgi-bin/texis.exe/phine
California Dept. of Education
http://inet5.cde.ca.gov/scripts/texis.exe/phine
|
|
|
|
|
|
|
