Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Vulnerabilities in Informix Webdriver
From: John Wright <john () dryfish org>
Date: Thu, 4 Jan 2001 09:25:44 +0000

I missed the original post so I'm quoting Joshua Poulson instead.

Basically, everything quoted is examples of a default install where no
configuration has been done.

On Wed, Jan 03, 2001 at 10:24:18AM -0800, Joshua R. Poulson wrote:
Webdriver is the web interface of Informix database,I found it is
vulnerable.In the common condition,webdriver is submitted with a
parameter,but if you type http://victim/cgi-bin/webdriver directly,
It will return a webpage which you can modify or delete database on
it.

The above is a misconfiguration.  webdriver has easy to use configuration
and the above is just the default for a particular set of configurations.

With a proper setup the above URL would send you to a 404 Asset not found or
a company home page or whatever.

The Web DataBlade manuals have a comment about leaving the AppPage
Builder program running on a production database on page 11-4 of the
Version 4.0 Administrator's Guide.

   "You should not install AppPage Builder (APB) in a Production
    Database, since APB is typically only used during development and
    can pose a security risk if present in a production database."

You can also set a read_level for a configuration and webdriver will check
this against the read_level of an AppPage and will give a 403 Access not
allowed if you do not have access.

Otherwise, webdriver will make a /tmp/.log file,its attribute is
-rw-rw-rw,we can make a symlink and get the nobody privilege,
although without root privilege,we can deface the website as
nobody.

The only files created with a .log extension are debug logs.  What
version of the web driver are you using?

Logs can be enabled and disabled and moved and placed in secured locations
on disk.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault