SecurityFocus BUGTRAQ Mailing List: BugTraq

To: BugTraq
Subject: [Advisory] Powerslave 4.3 Information Leak Vuln.
Date: Sep 19 2003 8:12PM
Author: Enrico Kern

=========================================================
H Zero Seven Security Advisory

Product   : FlyingDog Software - Powerslave Portalmanager
Impact    : information leak vulnerability
Issue date: 19 Sept. 2003
Update    : Powerslave 4.4.3pl3
Affected  : Powerslave 4.3
=========================================================

Summary:
========
The Powerslave rapid prototyping server unites all functions of a
high end content management system and offers in addition a
development platform for a whole abundance of applications.
Powerslave features a powerful URL-rewrite function which can be
used to obtain information about the database structure and under
certain conditions execute arbitrary SQL code (not tested).

Information:
============
Powerslave 4.3 allows URL-rewriting: instead of the PHP standard "?"
in the URL, variables are separated by colons. This helps e.g. Google
to spider and index the site. If you enter arbitrary SQL commands
after the sql-id field in the Document-URL you can obtain information
about the Database-Structure.

Example:
http://example.com/powerslave,id,10;,nodeid,,_language,uk.html
                                   |
                                   |- ; or modified queries and table-numbers.

Error: Could't find article!
SELECT example_table.* FROM example_table WHERE example_table.ID=10;

Fix:
====
Upgrade to Powerslave 4.4.3pl3

Disclaimer:
===========
This advisory does not claim to be complete. The information may be
inaccurate or wrong. Possible exploit code is only written for
testing purposes. Articles based on information in this advisory
should have a link to this document.

Exploit:
========
See Information.

Reference:
==========
H Zero Seven - Unix/Linux Developer Team
http://www.h07.org

Advisory:
=========
ftp://ftp.h07.org/pub/h07.org/projects/papers/h07adv-powerslave.txt

------------------->
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the Universe trying
to produce bigger and better idiots. So far, the Universe is winning."
(Rich Cook)
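
The failure mode the advisory describes, shown from the fixing side as an added example that is not from the advisory or from Powerslave: a Python handler that parses the comma-style rewritten URL, accepts only a plain integer id, binds it as a query parameter, and returns an error body with no SQL in it. The parser, the function names, the `title` column and the sqlite3 backend are assumptions; the URL shape and `example_table` are taken from the advisory's example.

```python
import logging
import re
import sqlite3

log = logging.getLogger("rewrite")
ID_RE = re.compile(r"[0-9]{1,9}")  # plain decimal id only


def parse_rewritten_path(path):
    """Split '/script,key,value,...,key,value.html' into (script, params)."""
    stem = path.rsplit("/", 1)[-1]
    if stem.endswith(".html"):
        stem = stem[: -len(".html")]
    script, *rest = stem.split(",")
    if len(rest) % 2:
        raise ValueError("unbalanced key/value list")
    return script, dict(zip(rest[0::2], rest[1::2]))


def fetch_article(db, path):
    """Return (status, body); the body never contains SQL or schema names."""
    try:
        _, params = parse_rewritten_path(path)
        raw_id = params.get("id", "")
        if not ID_RE.fullmatch(raw_id):
            raise ValueError("id is not a plain integer: %r" % raw_id)
        row = db.execute(
            "SELECT title FROM example_table WHERE ID = ?", (int(raw_id),)
        ).fetchone()
    except (ValueError, sqlite3.Error) as exc:
        log.warning("rejected request %r: %s", path, exc)  # detail stays server-side
        return 404, "Couldn't find article!"
    if row is None:
        return 404, "Couldn't find article!"
    return 200, row[0]


def make_demo_db():
    """Constructed sample data; the 'title' column is an assumption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE example_table (ID INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO example_table VALUES (10, 'Welcome')")
    return db


if __name__ == "__main__":
    db = make_demo_db()
    for p in ("/powerslave,id,10,nodeid,,_language,uk.html",
              "/powerslave,id,10;,nodeid,,_language,uk.html"):
        print(p, "->", fetch_article(db, p))
```

The rejected-request log line doubles as a detection signal: any rewritten URL whose id segment is not purely numeric is worth alerting on.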