lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0309192210340.1865@thinknerd.de>
Date: Fri, 19 Sep 2003 22:12:36 +0200 (CEST)
From: Enrico Kern <phantom@....org>
To: bugtraq@...urityfocus.com
Subject: [Advisory] Powerslave 4.3 Information Leak Vuln.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=========================================================
	      	H Zero Seven Security Advisory

Product   : FlyingDog Software - Powerslave Portalmanager
Impact    : information leak vulnerability
Issue date: 19 Sept. 2003
Update    : Powerslave 4.4.3pl3
Affected  : Powerslave 4.3
=========================================================

Summary:
========

The Powerslave rapid prototyping server unites all
functions of a high end content management system and
offers in addition a development platform for a whole
abundance of applications.

Powerslave features a powerfull Url-rewrite function
who can be used to obtain Informations about the Database-
Structur and under certain conditions execute arbitary
SQL-Code (not tested).


Informations:
=============

Powerslave 4.3 allows URL-rewriting: instead of the PHP
standard "?" in the URL, variables are seperated by colons.
This helps e.g. Google to spider and index the site.

If you enter arbitary sql-commands after the sql-id field
in the Document-URL you can obtain informations about
the Database-Structure.


Example:

http://example.com/powerslave,id,10;,nodeid,,_language,uk.html
                                   |
                                   |- ; or modified querys
                                        and table-numbers.

Error: Could't find article!
SELECT example_table.* FROM example_table WHERE example_table.ID=10;


Fix:
====

Upgrade to Powerslave 4.4.3pl3

Disclaimer:
===========

This advisory does not claim to be complete. The informations
may be inaccurate or wrong. Possible exploit code is only written
for testing purposes. Articles based on informatins in this
advisory should have an link to this document.


Exploit:
========

See Informations.

Reference:
==========

H Zero Seven - Unix/Linux Developer Team
http://www.h07.org


Advisory:
=========

ftp://ftp.h07.org/pub/h07.org/projects/papers/h07adv-powerslave.txt



- ------------------->
"Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning." (Rich Cook)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6

iD8DBQE/a2M4A0DeN27j6sERAoDZAKCWyYD52eyzqYxbHEVNAz6Qacxk2gCfRCQZ
GRtsfZhLL8tMzT3zdDrIMr0=
=3nGd
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ