[NEWS] DB4Web (R) File Disclosure
From: support@securiteam.com Date: 09/22/02
From: support@securiteam.com To: list@securiteam.com Date: Sun, 22 Sep 2002 21:04:32 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
DB4Web (R) File Disclosure
------------------------------------------------------------------------
SUMMARY
DB4Web is an application server for high-performance, secure web
applications with access to various data sources. The DB4Web (R)
application can be misused to view (download as the HTTP response) files
located on the server by sending specially crafted HTTP requests.
DETAILS
A DB4Web (R) server accessed with a web browser usually queries local or
remote databases to generate dynamic HTML pages. By requesting specially
crafted URLs, one can manipulate the server application into disclosing
arbitrary files located on the server system. The browser downloads them
and, depending on the MIME type, displays them directly in the browser
window. The db4web_c binary (on Unix/Linux systems) or the db4web_c.exe
binary (on MS Windows) is located in the cgi-bin (scripts) directory of
the web server on the DB4Web (R) system. This binary executes the database
query and is directly accessible from the client's web browser.
Example:
On MS Windows systems, the URL to retrieve the boot.ini file would look
like:
http://db4web.server.system/scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
On Linux/UNIX servers, the following URL will show /etc/hosts:
http://db4web.server.system/cgi-bin/db4web_c/dbdirname//etc/hosts
In the above examples, db4web.server.system stands for the name or IP
address of the server, dbdirname is the name of the local database
directory, and %3A%5C is the URL-encoded form of :\ needed to request
c:\boot.ini. In the Unix example, the doubled slash after dbdirname
supplies the absolute path /etc/hosts.
One can also download binaries, cmd.exe for example, by requesting
c%3A%5Cwinnt%5Csystem32%5Ccmd.exe in place of the file name.
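The requests above leave a distinctive trace in web-server access logs: a hit on the db4web_c CGI whose trailing path component decodes to an absolute filesystem path. The following detector is an added example written for this advisory, not code from SecuriTeam or DB4Web; it assumes combined-format access-log lines (the five sample lines are constructed) and flags the database-file component when it decodes to a Windows drive path, an absolute Unix path, or a traversal sequence. It also decodes repeatedly so that double-encoded probes (%253A for %3A) do not slip past.

```python
"""Flag DB4Web file-disclosure probes in web-server access logs (added example)."""
import re
from urllib.parse import unquote

# Assumption: combined log format
# '<ip> - - [<timestamp>] "<method> <url> <proto>" <status> <bytes>'.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The CGI named in the advisory, then dbdirname, then the attacker-controlled part.
CGI_RE = re.compile(
    r'/(?:cgi-bin|scripts)/db4web_c(?:\.exe)?/(?P<dbdir>[^/]+)/(?P<rest>.*)$',
    re.IGNORECASE,
)

WIN_ABS = re.compile(r'^[a-zA-Z]:[\\/]')   # c:\boot.ini, c:/winnt/...


def decoded_target(url):
    """Return the fully URL-decoded path after dbdirname, or None if this is
    not a request to the DB4Web CGI."""
    path = url.split('?', 1)[0]
    m = CGI_RE.search(path)
    if not m:
        return None
    rest = m.group('rest')
    # Decode until stable: %253A -> %3A -> ':' so double encoding is caught.
    prev = None
    while rest != prev:
        prev, rest = rest, unquote(rest)
    return rest


def is_disclosure_probe(url):
    """True if the database-file component names an absolute path or traverses."""
    target = decoded_target(url)
    if target is None:
        return False
    unix_form = target.replace('\\', '/')        # normalise Windows separators
    if WIN_ABS.match(target):                     # drive-letter absolute path
        return True
    if unix_form.startswith('/'):                 # "dbdirname//etc/hosts"
        return True
    if unix_form.startswith('..') or '/../' in unix_form:
        return True
    return False


def scan_log(lines):
    """Return (client_ip, status, decoded_url) for every flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group('url')
        if is_disclosure_probe(url):
            hits.append((m.group('ip'), m.group('status'), unquote(url)))
    return hits


# Constructed sample log lines: two probes from the advisory, a benign request,
# a double-encoded cmd.exe download, and an unrelated static-file hit.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Sep/2002:21:04:32 +0200] "GET /scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini HTTP/1.0" 200 312',
    '203.0.113.7 - - [22/Sep/2002:21:04:40 +0200] "GET /cgi-bin/db4web_c/dbdirname//etc/hosts HTTP/1.0" 200 158',
    '198.51.100.2 - - [22/Sep/2002:21:05:01 +0200] "GET /cgi-bin/db4web_c/dbdirname/orders.html HTTP/1.1" 200 4096',
    '203.0.113.7 - - [22/Sep/2002:21:05:09 +0200] "GET /scripts/db4web_c.exe/dbdirname/c%253A%255Cwinnt%255Csystem32%255Ccmd.exe HTTP/1.0" 200 232',
    '192.0.2.9 - - [22/Sep/2002:21:06:00 +0200] "GET /index.html HTTP/1.1" 304 -',
]

if __name__ == "__main__":
    for ip, status, url in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {url}")
```

A 200 status on a flagged request is the signal that the server actually served the file; a 404 or 500 on the same URL still records the attempt. Tune CGI_RE if the binary was installed under a different directory name than the cgi-bin or scripts paths the advisory gives.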
Solution:
The DB4Web team has provided an update of their software and notified
their customers about the problem. The patch can be found at:
http://www.db4web.de/DB4Web/home/DB4Web/hotfix_e.html
ADDITIONAL INFORMATION
The information has been provided by Stefan Bagdohn
(stefan.bagdohn@guardeonic.com).
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.