[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0309192210340.1865@thinknerd.de>
Date: Fri, 19 Sep 2003 22:12:36 +0200 (CEST)
From: Enrico Kern <phantom@....org>
To: bugtraq@...urityfocus.com
Subject: [Advisory] Powerslave 4.3 Information Leak Vuln.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=========================================================
H Zero Seven Security Advisory
Product : FlyingDog Software - Powerslave Portalmanager
Impact : information leak vulnerability
Issue date: 19 Sept. 2003
Update : Powerslave 4.4.3pl3
Affected : Powerslave 4.3
=========================================================
Summary:
========
The Powerslave rapid prototyping server unites all
functions of a high end content management system and
offers in addition a development platform for a whole
abundance of applications.
Powerslave features a powerfull Url-rewrite function
who can be used to obtain Informations about the Database-
Structur and under certain conditions execute arbitary
SQL-Code (not tested).
Informations:
=============
Powerslave 4.3 allows URL-rewriting: instead of the PHP
standard "?" in the URL, variables are seperated by colons.
This helps e.g. Google to spider and index the site.
If you enter arbitary sql-commands after the sql-id field
in the Document-URL you can obtain informations about
the Database-Structure.
Example:
http://example.com/powerslave,id,10;,nodeid,,_language,uk.html
|
|- ; or modified querys
and table-numbers.
Error: Could't find article!
SELECT example_table.* FROM example_table WHERE example_table.ID=10;
Fix:
====
Upgrade to Powerslave 4.4.3pl3
Disclaimer:
===========
This advisory does not claim to be complete. The informations
may be inaccurate or wrong. Possible exploit code is only written
for testing purposes. Articles based on informatins in this
advisory should have an link to this document.
Exploit:
========
See Informations.
Reference:
==========
H Zero Seven - Unix/Linux Developer Team
http://www.h07.org
Advisory:
=========
ftp://ftp.h07.org/pub/h07.org/projects/papers/h07adv-powerslave.txt
- ------------------->
"Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning." (Rich Cook)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6
iD8DBQE/a2M4A0DeN27j6sERAoDZAKCWyYD52eyzqYxbHEVNAz6Qacxk2gCfRCQZ
GRtsfZhLL8tMzT3zdDrIMr0=
=3nGd
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists