Home page logo
/

bugtraq logo Bugtraq mailing list archives

[Advisory] Powerslave 4.3 Information Leak Vuln.
From: Enrico Kern <phantom () h07 org>
Date: Fri, 19 Sep 2003 22:12:36 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=========================================================
                H Zero Seven Security Advisory

Product   : FlyingDog Software - Powerslave Portalmanager
Impact    : information leak vulnerability
Issue date: 19 Sept. 2003
Update    : Powerslave 4.4.3pl3
Affected  : Powerslave 4.3
=========================================================

Summary:
========

The Powerslave rapid prototyping server unites all
functions of a high end content management system and
offers in addition a development platform for a whole
abundance of applications.

Powerslave features a powerfull Url-rewrite function
who can be used to obtain Informations about the Database-
Structur and under certain conditions execute arbitary
SQL-Code (not tested).


Informations:
=============

Powerslave 4.3 allows URL-rewriting: instead of the PHP
standard "?" in the URL, variables are seperated by colons.
This helps e.g. Google to spider and index the site.

If you enter arbitary sql-commands after the sql-id field
in the Document-URL you can obtain informations about
the Database-Structure.


Example:

http://example.com/powerslave,id,10;,nodeid,,_language,uk.html
                                   |
                                   |- ; or modified querys
                                        and table-numbers.

Error: Could't find article!
SELECT example_table.* FROM example_table WHERE example_table.ID=10;


Fix:
====

Upgrade to Powerslave 4.4.3pl3

Disclaimer:
===========

This advisory does not claim to be complete. The informations
may be inaccurate or wrong. Possible exploit code is only written
for testing purposes. Articles based on informatins in this
advisory should have an link to this document.


Exploit:
========

See Informations.

Reference:
==========

H Zero Seven - Unix/Linux Developer Team
http://www.h07.org


Advisory:
=========

ftp://ftp.h07.org/pub/h07.org/projects/papers/h07adv-powerslave.txt



- ------------------->
"Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning." (Rich Cook)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6

iD8DBQE/a2M4A0DeN27j6sERAoDZAKCWyYD52eyzqYxbHEVNAz6Qacxk2gCfRCQZ
GRtsfZhLL8tMzT3zdDrIMr0=
=3nGd
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [Advisory] Powerslave 4.3 Information Leak Vuln. Enrico Kern (Sep 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault