SecurityTracker.com
SecurityTracker
Archives
Category:  Application (Generic)  >  Web Wiz Internet Search Engine
Vendors:  Web Wiz Guide
Web Wiz Internet Search Engine Discloses Database to Remote Users
SecurityTracker Alert ID:  1011421
SecurityTracker URL:  http://securitytracker.com/id?1011421
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Sep 27 2004
Impact:  Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Advisory:  Security .Net Information
Description:  Security .Net Information (snilabs) reported a vulnerability in Web Wiz Internet Search Engine. A remote user can access the database, which includes the administrative password.

It is reported that a remote user can access the 'common.inc' file to determine the path and filename for the database file. A remote user can then download the database.

Some demonstration exploit URLs are provided:

http://[target]/common.inc
http://[target]/search_engine.mdb

The administrator's unencrypted password is contained in the database file.

Impact:  A remote user can obtain the database, including the administrative password.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.webwizguide.info/asp/sample_scripts/internet_search_engine_script.asp
Cause:  Access control error, Configuration error
Underlying OS:  Windows (Any)
Reported By:  "Security .Net Information" <snilabs@gmail.com>
Message History:   None.


Source Message Contents

Date:  Sun, 26 Sep 2004 04:45:35 -0300
From:  "Security .Net Information" <snilabs@gmail.com>
Subject:  Web Wiz Guide Internet Search Engine discloses database to remote users

 
 
Security .Net Information (snilabs) Advisory:
 
Web Wiz Guide Internet Search Engine discloses database to remote users.
The file common.inc (accessible to remote users) contains the path
and name of the database.
A remote user can download the database, which contains the admin password
and also the configuration.
 
common.inc:
 
<%
'****************************************************************************************
'**  Copyright Notice    
'**
'**  Web Wiz Guide Internet Search Engine
'**                                                              
'**  Copyright 2001-2002 Bruce Corkhill All Rights Reserved.          
 
......
 
'Database driver for Brinkster
'strCon = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("/USERNAME/db/search_engine.mdb") 'This one is for Brinkster users place your Brinkster username where you see USERNAME
 
'Alternative drivers faster than the basic one above
'strCon = "Provider=Microsoft.Jet.OLEDB.3.51; Data Source=" & Server.MapPath("../search_engine.mdb") 'This one is if you convert the database to Access 97
'strCon = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../search_engine.mdb")  'This one is for Access 2000/2002
=====
 
Exploit:
 
http://target.com/common.inc
http://target.com/search_engine.mdb
 
The database administrator's password is not encrypted. heh..
 
Vendor contacted: not yet.. lol
-- 
Security .Net Information..
irc.xirc.org #sni-labs
Questions?... mail me
 
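The condition behind the two URLs in the advisory above is a deployment one: an include file that the web server hands out as plain text, and an Access database that sits somewhere under the web root. The audit below is an added example, not code from the SecurityTracker entry or from Web Wiz Guide. It walks a web root, flags .inc files, and follows the Server.MapPath(...) argument of uncommented connection-string lines to report any .mdb that resolves under the root. The MapPath rule it assumes (a leading "/" is relative to the site root, anything else to the script's own folder) is standard ASP behaviour; the sample layout, temporary directory and placeholder .mdb bytes are constructed.

```python
import re
import tempfile
from pathlib import Path

# Connection-string lines as they appear in the vendor's common.inc, e.g.
#   strCon = "Provider=...; Data Source=" & Server.MapPath("../search_engine.mdb")
MAPPATH_RE = re.compile(r'Server\.MapPath\(\s*"([^"]+)"\s*\)', re.IGNORECASE)

def resolve_mappath(webroot: Path, script: Path, virtual: str) -> Path:
    """Mimic ASP Server.MapPath: a leading '/' is relative to the site root,
    anything else is relative to the folder holding the script (forward slashes only)."""
    base = webroot if virtual.startswith("/") else script.parent
    return (base / virtual.lstrip("/")).resolve()

def audit_webroot(webroot: Path) -> list:
    """Flag .inc files under the web root (IIS serves them as plain text unless the
    extension is mapped to the ASP engine) and .mdb paths that resolve under the root."""
    webroot = webroot.resolve()
    findings = []
    for f in sorted(webroot.rglob("*")):
        if not f.is_file():
            continue
        rel = "/" + f.relative_to(webroot).as_posix()
        if f.suffix.lower() == ".inc":
            findings.append(f"include file reachable over HTTP: {rel}")
        if f.suffix.lower() not in (".asp", ".inc"):
            continue
        for line in f.read_text(errors="replace").splitlines():
            if line.lstrip().startswith("'"):   # VBScript comment: not live configuration
                continue
            for virt in MAPPATH_RE.findall(line):
                db = resolve_mappath(webroot, f, virt)
                if virt.lower().endswith(".mdb") and webroot in db.parents:
                    state = "present" if db.exists() else "not present"
                    findings.append(f"database inside web root: /{db.relative_to(webroot).as_posix()}"
                                    f" ({state}), referenced by {rel}")
    return findings

def demo() -> list:
    """Constructed deployment mirroring the advisory: include file in /search, database
    one level up, exactly where 'common.inc' points and where the server will hand it out."""
    root = Path(tempfile.mkdtemp())
    (root / "search").mkdir()
    (root / "search" / "common.inc").write_text(
        "<%\n"
        "'strCon = \"DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=\" & Server.MapPath(\"/USERNAME/db/search_engine.mdb\")\n"
        "strCon = \"Provider=Microsoft.Jet.OLEDB.4.0; Data Source=\" & Server.MapPath(\"../search_engine.mdb\")\n"
        "%>\n")
    (root / "search_engine.mdb").write_bytes(b"constructed placeholder, not a real Access file")
    return audit_webroot(root)
```

Run `audit_webroot(Path("C:/Inetpub/wwwroot"))` (or whatever the site root is) against a real deployment; a clean result means the database has been moved outside the served tree and no .inc file is left where a browser can fetch it.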


Copyright 2004, SecurityGlobal.net LLC