[18420] in bugtraq
Re: Vulnerabilities in Informix Webdriver
daemon@ATHENA.MIT.EDU (Joshua R. Poulson)
Wed Jan 3 17:56:02 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: 7bit
Message-Id: <004d01c075b2$6323c150$e2dc3a9e@pdx.informix.com>
Date: Wed, 3 Jan 2001 10:24:18 -0800
Reply-To: "Joshua R. Poulson" <jrp@pun.org>
From: "Joshua R. Poulson" <jrp@PUN.ORG>
X-To: isno <isno@ETANG.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> Webdriver is the web interface of Informix database,I found it is
> vulnerable.In the common condition,webdriver is submitted with a
> parameter,but if you type http://victim/cgi-bin/webdriver directly,
> It will return a webpage which you can modify or delete database on
> it.
The Web DataBlade manuals have a comment about leaving the AppPage
Builder program running on a production database on page 11-4 of the
Version 4.0 Administrator's Guide.
"You should not install AppPage Builder (APB) in a Production
Database, since APB is typically only used during development and
can pose a security risk if present in a production database."
> Otherwise, webdriver will make a /tmp/.log file,its attribute is
> -rw-rw-rw,we can make a symlink and get the nobody privilege,
> although without root privilege,we can deface the website as
> nobody.
The only files created with a .log extension are debug logs. What
version of the web driver are you using?
--jrp
