
Bugtraq mailing list archives

improper chroot in dbmlparser.exe
From: qdial () PHUNC COM (robert qdial)
Date: Sat, 17 Jul 1999 20:09:53 -0000

Hi, this is my first posting to bugtraq. I found something
that needs to be addressed.  While browsing some sites the
other night, I noticed a popular guestbook program,
dbmlparser.exe. I have seen this on a few nameless sites so
far, and I'm sure that there are more out there.  Anyways,
here are my findings:

Some sites use dbmlparser.exe to handle their guestbooks,
or basic message boards, or the same type of stuff.  The
problem here is that it calls for a file that holds the
guestbook or message board postings, DBMLFILE=; this is
calling for DBMLFILE=genericpage.dbml&, then a bit more CGI
to regulate output after that.  The problem is that it
doesn't chroot correctly, so in theory you can just insert
any file that you want read access to.  Now this is where
this gets fun.  Without it properly chroot'ing, it will let
you read any file on the computer that you have read
permission to read.  Now in theory, I haven't tried this,
but you can modify the source on the HTML page with the
forms on another site, redirect it to them, and respecify
the file you want to overwrite.  Very nasty, needs
addressing.   I hope this information helps any sysadmins
out who are using this software.
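
The missing confinement described in the post, shown from the defending side: a check that a CGI handler could apply to the `DBMLFILE` parameter before opening anything. This is an added example, not part of the original post and not dbmlparser's code; `resolve_dbmlfile`, `RejectedPath` and the `template_root` directory are hypothetical names, and the file layout is constructed.

```python
import os
import tempfile
from urllib.parse import parse_qs


class RejectedPath(ValueError):
    """The DBMLFILE parameter must not be served."""


def resolve_dbmlfile(query_string, template_root):
    """Map the DBMLFILE query parameter to a file inside template_root.

    template_root is a hypothetical directory holding the site's .dbml pages.
    """
    values = parse_qs(query_string).get("DBMLFILE", [])  # also percent-decodes
    if len(values) != 1:
        raise RejectedPath("exactly one DBMLFILE value is required")
    name = values[0]
    # NUL truncates paths in C code; backslash and colon start Windows paths.
    if any(ch in name for ch in ("\x00", "\\", ":")):
        raise RejectedPath("illegal character in DBMLFILE")
    if not name.lower().endswith(".dbml"):
        raise RejectedPath("only .dbml templates may be requested")
    root = os.path.realpath(template_root)
    # realpath collapses ../ sequences and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise RejectedPath("DBMLFILE resolves outside the template directory")
    if not os.path.isfile(candidate):
        raise RejectedPath("no such template")
    return candidate


if __name__ == "__main__":
    # Constructed layout: one template inside the root, one file outside it.
    base = tempfile.mkdtemp()
    root = os.path.join(base, "templates")
    os.mkdir(root)
    open(os.path.join(root, "genericpage.dbml"), "w").close()
    open(os.path.join(base, "outside.dbml"), "w").close()
    for qs in ("DBMLFILE=genericpage.dbml&x=1",
               "DBMLFILE=../outside.dbml",
               "DBMLFILE=%2e%2e%2foutside.dbml",
               "DBMLFILE=/etc/passwd"):
        try:
            print(qs, "->", resolve_dbmlfile(qs, root))
        except RejectedPath as err:
            print(qs, "-> rejected:", err)
```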
