Home page logo
/

bugtraq logo Bugtraq mailing list archives

Vulnerabilities in Informix Webdriver
From: isno <isno () ETANG COM>
Date: Sat, 30 Dec 2000 08:34:53 +0800

Webdriver is the web interface of Informix database,I found it is vulnerable.In the common condition,webdriver is 
submitted with a parameter,but if you type http://victim/cgi-bin/webdriver directly, It will return a webpage which you 
can modify or delete database on it.
 
Otherwise, webdriver will make a /tmp/.log file,its attribute is -rw-rw-rw,we can make a symlink and get the nobody 
privilege,although without root privilege,we can deface the website as nobody.



isno(isno () etang com)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]