lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070919130327.30358.qmail@securityfocus.com>
Date: 19 Sep 2007 13:03:27 -0000
From: come2waraxe@...oo.com
To: bugtraq@...urityfocus.com
Subject: [waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval


[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval
====================================================================

Author: Janek Vind "waraxe"
Date: 19. September 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-52.html


Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.dblog.it/sito/default.asp

DBlog CMS is a open source Content Management System for IIS/ASP platform.
Some days ago dBlog 2.0 hit the goal of the 110.000 platform downloads, 
over 100.000 of them regarding the lastest version.

GoogleDork: inurl:"articolo.asp" "powered by dblog"


Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DBlog stores all the data in JET database file with default name "dblog.mdb".
This database file is accessible from web as:

http://www.example.com/mdb-database/dblog.mdb

By fetching database anyone can obtain admin password sha hashes and then try to
crack them and gain admin privileges.
There are some mitigating factors though:

1. IIS webserver can refuse ".mdb" file download
2. database file or directory can be renamed to something else

Quick look @ real world sites shows, that ~ 20% of them are exploitable.
Considering large number of DBlog-based websites, this is serious problem IMHO.


How to fix:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

IIS directory restrictions, renaming directory and database file.


Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Greets to pabloski, ToXiC, LINUX, y3dips, Sm0ke, Heintz, slimjim100, Chb
and all other people who know me!
Greetings to Raido Kerna.
Tervitusi Torufoorumi rahvale!

Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

come2waraxe@...oo.com
Janek Vind "waraxe"

Homepage: http://www.waraxe.us/


Shameless advertise:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

User Manual Database - http://user-manuals.waraxe.us/
Old Books Online - http://www.oldreadings.com/

---------------------------------- [ EOF ] ------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ