While visiting alldas.de today I noticed that two names in the list occur quite often, always related to a so-called "crack" of a topsite system (I don't think the system was compromised, just the site changed via the browser). It made me think that someone may have discovered a vulnerability which is unknown to the public today. I downloaded the whole thing and looked at it. The first thing I found was this (from the readme text file):

Directory: http://www.yoursite.com/topsites
File: index.html - 777

Directory: http://www.yoursite.com/cgi-bin/lspro
File: lspro.cgi - 755

Directory: http://www.yoursite.com/cgi-bin/lspro/protected
File: admin.cgi - 755
File: .htaccess - 666
File: .htpasswd - 666
File: admin.pl - 666
File: data.file - 666
File: reset_time - 666
File: update_time - 666

The file modified was lspro_list_header.txt, I think, whose permissions were set to 666. Are they using a simple PUT to modify it? Is PUT supported by any webserver by default? Or is there another vulnerability hidden in the code? I will start reviewing the code now, maybe you want to join =).

Here is the vendor URL: http://www.listsitepro.com/

Siberian CSC Sentry Research Labs (www.sentry-labs.com)
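An added example, not part of the original post and not the vendor's code: it parses the readme permission listing quoted in the post, flags every entry whose mode has the world-write bit set, and applies the same check to an installed copy on disk. The function names and the `SENSITIVE` pattern are assumptions made for this example.

```python
import os
import re
import stat

# Permission listing as quoted from the readme in the post above.
README = """\
Directory: http://www.yoursite.com/topsites
File: index.html - 777
Directory: http://www.yoursite.com/cgi-bin/lspro
File: lspro.cgi - 755
Directory: http://www.yoursite.com/cgi-bin/lspro/protected
File: admin.cgi - 755
File: .htaccess - 666
File: .htpasswd - 666
File: admin.pl - 666
File: data.file - 666
File: reset_time - 666
File: update_time - 666
"""

# Assumption for this example: access-control files and scripts deserve extra attention.
SENSITIVE = re.compile(r"^\.ht|\.(cgi|pl)$")

def parse_listing(text):
    """Yield (directory, filename, mode) for each 'File:' line in the readme listing."""
    directory = None
    for line in text.splitlines():
        if m := re.match(r"Directory:\s*(\S+)", line):
            directory = m.group(1)
        elif m := re.match(r"File:\s*(\S+)\s*-\s*([0-7]{3,4})$", line.strip()):
            yield directory, m.group(1), int(m.group(2), 8)

def world_writable(entries):
    """Return (path, octal mode, sensitive?) for entries with the other-write bit set."""
    return [(f"{d}/{name}", oct(mode)[2:], bool(SENSITIVE.search(name)))
            for d, name, mode in entries if mode & stat.S_IWOTH]

def audit_tree(root):
    """Yield (directory, filename, mode) for regular files under an installed copy."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            st = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISREG(st.st_mode):  # skip symlinks, whose own mode is always 777
                yield dirpath, name, stat.S_IMODE(st.st_mode)

if __name__ == "__main__":
    for path, mode, sensitive in world_writable(parse_listing(README)):
        print(f"{mode} {path}{'  <- access control or script' if sensitive else ''}")
```

To audit a deployed installation, pass its directory to `audit_tree` and feed the result to `world_writable` in place of the parsed readme.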
This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 13:42:38 PDT