improper chroot in dbmlparser.exe

From: robert qdial (qdialat_private)
Date: Sat Jul 17 1999 - 13:09:53 PDT

    Hi, this is my first posting to bugtraq. I found something 
    that needs to be addressed.  While browsing some sites the 
    other night, I noticed a popular guestbook program, 
    dbmlparser.exe. I have seen this on a few nameless sites so 
    far, and I'm sure that there are more out there.  Anyway, 
    here are my findings:
    
    Some sites use dbmlparser.exe to handle their guestbooks, 
    or basic message boards, or the same type of stuff.  The 
    problem here is that it calls for a file that holds the 
    guestbook or message board postings, DBMLFILE=. This is 
    calling for DBMLFILE=genericpage.dbml&, then a bit more CGI 
    to regulate output after that.  The problem is that it 
    doesn't chroot correctly, so in theory you can just insert 
    any file that you want read access to.  Now this is where 
    this gets fun.  Without it properly chroot'ing, it will let 
    you read any file on the computer that you have 
    permission to read.  Now in theory, I haven't tried this, 
    but you can modify the source on the HTML page with the 
    forms on another site, redirect it to them, and respecify 
    the file you want to overwrite.  Very nasty, needs 
    addressing.   I hope this information helps any sysadmins 
    out who are using this software.
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:46 PDT
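
Added example, not part of the original post and not dbmlparser's own code: a log audit a sysadmin could run to find requests whose DBMLFILE value is anything other than a bare template name such as genericpage.dbml. The /cgi-bin/ path, the "page" parameter, the allowlist pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Allowlist (an assumption): a bare template name such as genericpage.dbml,
# with no directory component, drive letter or parent reference.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.dbml")

# Request field of a common-log-format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def dbmlfile_values(url):
    """Return every decoded DBMLFILE value in a request URL's query string."""
    query = urlsplit(url).query
    # parse_qsl percent-decodes once; the parameter name is matched
    # case-insensitively so "dbmlfile=" is not missed.
    return [v for k, v in parse_qsl(query, keep_blank_values=True)
            if k.upper() == "DBMLFILE"]


def is_safe_dbmlfile(value):
    """True only for a plain template file name (no path, no traversal)."""
    return SAFE_NAME.fullmatch(value) is not None


def audit(log_lines):
    """Yield (line_number, value) for dbmlparser.exe requests with an unsafe DBMLFILE."""
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m or "dbmlparser.exe" not in m.group(1).lower():
            continue
        for value in dbmlfile_values(m.group(1)):
            if not is_safe_dbmlfile(value):
                yield n, value


# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/1999:13:00:01 -0700] "GET /cgi-bin/dbmlparser.exe?DBMLFILE=genericpage.dbml&page=1 HTTP/1.0" 200 512',
    '192.0.2.44 - - [17/Jul/1999:13:02:17 -0700] "GET /cgi-bin/dbmlparser.exe?DBMLFILE=..%2F..%2Fsecret.txt&page=1 HTTP/1.0" 200 2048',
    '192.0.2.44 - - [17/Jul/1999:13:02:40 -0700] "GET /cgi-bin/dbmlparser.exe?dbmlfile=C:%5Cdata%5Cother.dbml HTTP/1.0" 200 901',
    '192.0.2.10 - - [17/Jul/1999:13:05:00 -0700] "GET /index.html HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for lineno, value in audit(SAMPLE_LOG):
        print(f"line {lineno}: suspicious DBMLFILE={value!r}")
```

The same is_safe_dbmlfile() check can serve as an input filter in front of the CGI; a 200 response on a flagged line is the case worth investigating first.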