|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Vulnerabilities in Informix Webdriver
From: isno (isno
ETANG.COM)Date: Fri Dec 29 2000 - 18:34:53 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Webdriver is the web interface of Informix database,I found it is vulnerable.In the common condition,webdriver is submitted with a parameter,but if you type http://victim/cgi-bin/webdriver directly, It will return a webpage which you can modify or delete database on it.
Otherwise, webdriver will make a /tmp/.log file,its attribute is -rw-rw-rw,we can make a symlink and get the nobody privilege,although without root privilege,we can deface the website as nobody.
isno(isnoetang.com)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]