double dot vulnerability on a site running Informix database.

From: Beck Mr.R (bug_huntat_private)
Date: Thu Nov 22 2001 - 03:09:14 PST

    Mailer: SecurityFocus
    
    I found a double dot vulnerability on a site running 
    Informix database. I can read any file on the 
    system by putting /../ into the URL. But so far I have 
    only found two sites with this problem. 
    The site is running Netscape-Enterprise/4.0 on 
    Solaris according to Netcraft.com.
    
    On the site, all image files are linked like this:
    http://site.com/ifx/?
    LO=00000001a6b7c8d900000003000000030004334d
    38e02543000000000001eb800000000000000000000
    0000000000000000000000000000000000000000000
    000000000000000000 
    
    This is a part of fetching an image from the 
    wbBinaries system table. The Web DataBlade 
    Module provides wbBinaries for storing large binary 
    resources such as images, sounds, and videos.  
    
    But if I want to get the content of etc directory:
    http://site.com/ifx/?LO=../../../etc/
    
    or even: 
    http://site.com/ifx/?LO=../../../etc/passwd
    
    
    So, is this a widespread bug?
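
A log check for the request pattern described in the message above, added here as an example and not part of the original post: it flags `LO` values that contain `..` path segments or that are not hex handles like the one in the image URL. The hex-only handle rule, the minimum length, the function names and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate LO value is a pure-hex handle, as in the post's image URL.
HEX_HANDLE = re.compile(r"\A[0-9a-fA-F]{32,}\Z")
# Client address and request target from a Common Log Format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Raw (still percent-encoded) value of the LO query parameter.
LO_PARAM = re.compile(r"[?&]LO=([^&]*)")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so encoded and double-encoded dots are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return None (no LO parameter), 'ok', 'traversal' or 'not-a-handle'."""
    m = LO_PARAM.search(target)
    if m is None:
        return None
    value = decode_fully(m.group(1)).replace("\\", "/")
    if ".." in value.split("/"):
        return "traversal"
    return "ok" if HEX_HANDLE.match(value) else "not-a-handle"

def scan(lines):
    """Return (client, verdict, target) for every LO request that is not 'ok'."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        verdict = classify(m.group(2)) if m else None
        if verdict not in (None, "ok"):
            findings.append((m.group(1), verdict, m.group(2)))
    return findings

# Constructed sample data: the handle, addresses and log lines are made up.
HANDLE = "00000001a6b7c8d9" + "0" * 128
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Nov/2001:03:00:01 -0800] "GET /ifx/?LO=' + HANDLE + ' HTTP/1.0" 200 5120',
    '198.51.100.7 - - [22/Nov/2001:03:01:12 -0800] "GET /ifx/?LO=../../../etc/passwd HTTP/1.0" 200 812',
    '198.51.100.7 - - [22/Nov/2001:03:01:15 -0800] "GET /ifx/?LO=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 812',
    '203.0.113.5 - - [22/Nov/2001:03:02:40 -0800] "GET /ifx/?LO=logo.gif HTTP/1.0" 404 210',
]
```

The same `classify` rule can be applied as an allow-list in front of the handler, so that only hex handles ever reach the lookup.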
    



    This archive was generated by hypermail 2b30 : Fri Nov 23 2001 - 15:35:37 PST