[19047] in bugtraq
Re: IBM NetCommerce Security
daemon@ATHENA.MIT.EDU (rudi carell)
Tue Feb 6 17:54:30 2001
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F57k3z6QEy0Dll7fnp300000761@hotmail.com>
Date: Tue, 6 Feb 2001 15:11:51 -0700
Reply-To: rudi carell <rudicarell@HOTMAIL.COM>
From: rudi carell <rudicarell@HOTMAIL.COM>
X-To: emo@DS.PRIMASOFT.BG
To: BUGTRAQ@SECURITYFOCUS.COM
>Those look really funny, anyone know the what algorythm is used, i >suppose
>it's the standard db2 function, but haven't tried that yet.
.. because of the column type this is just a hexadecimal representation ..
you can easily convert it to char ...
> > 3) "Password-Reminders"
>Actually these are the answers of the authentification questions, >asked
>for
>confirming the user's identity (which hints that the passwords may be
> >decryptable)
... once you got the right answer you are able to change or at least reset
the password .. and .. thats the trick :)
>I just confirmed that on Net.Commerce 3.1.2 and it's a really nasty >bug.
>One may query virtually any data from the db from almost any
>macro (default & custom). I don't believe it's an error in
>net.data.
... it is def. a "classic" "no-input-validation" :-) hole ...
rc
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
