Source: packetstormsecurity.com (PACKETSTORM:59447)
File: waraxe-2007-SA052.txt
Author: Janek Vind aka waraxe
Published: Sep 20, 2007

[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval  
====================================================================  
  
Author: Janek Vind "waraxe"  
Date: 19. September 2007  
Location: Estonia, Tartu  
Web: http://www.waraxe.us/advisory-52.html  
  
  
Target software description:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
http://www.dblog.it/sito/default.asp  
  
DBlog CMS is an open source Content Management System for the IIS/ASP platform.  
Some days ago dBlog 2.0 reached the milestone of 110.000 platform downloads,   
over 100.000 of them for the latest version.  
  
GoogleDork: inurl:"articolo.asp" "powered by dblog"  
  
  
Vulnerabilities:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
DBlog stores all its data in a JET database file with the default name "dblog.mdb".  
This database file is accessible from the web as:  
  
http://www.example.com/mdb-database/dblog.mdb  
  
By fetching the database anyone can obtain the admin password SHA hashes and then try to  
crack them and gain admin privileges.  
There are some mitigating factors though:  
  
1. the IIS webserver can refuse ".mdb" file downloads  
2. the database file or directory can be renamed to something else  
  
A quick look at real world sites shows that ~ 20% of them are exploitable.  
Considering the large number of DBlog-based websites, this is a serious problem IMHO.  
  
  
How to fix:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Apply IIS directory restrictions, and rename the directory and the database file.  
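A way to verify that one of the fixes above is actually in effect on a deployment you administer (an added example, not part of the original advisory): the script requests the first bytes of the database URL and reports "exposed" only when a real JET/ACE database header comes back, "blocked" when IIS answers 403/404 (extension block or renamed file), and "other" when something else is served. The default path and the "Standard Jet DB" / "Standard ACE DB" file signatures are the only assumptions beyond the advisory text.

```python
"""Check whether a DBlog site still serves its JET database file.

Added example, not part of the original advisory. It assumes the default
path "/mdb-database/dblog.mdb" named in the advisory; a renamed file or
directory has to be passed explicitly.
"""
import sys
import urllib.error
import urllib.request

DEFAULT_PATH = "/mdb-database/dblog.mdb"
# JET 3/4 (.mdb) and ACE (.accdb) files carry this 15-byte signature at offset 4.
DB_SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")


def classify(status, body_head):
    """Map an HTTP status plus the first bytes of the body to a verdict.

    Returns one of:
      "exposed"  - 200 and the body is a real Access database
      "blocked"  - IIS refused the request (403/404: extension/MIME block
                   or renamed file), i.e. a mitigating factor is in place
      "other"    - 200 but not a database (custom error page, redirect to
                   a login page, etc.); needs manual review
    """
    if status in (403, 404):
        return "blocked"
    if status == 200 and body_head[4:19] in DB_SIGNATURES:
        return "exposed"
    return "other"


def check_site(base_url, path=DEFAULT_PATH, timeout=10):
    """Fetch only the first 32 bytes of the database URL and classify them."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"Range": "bytes=0-31"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            # 206 means the server honoured the Range header; treat it as 200
            status = 200 if resp.status == 206 else resp.status
            return classify(status, resp.read(32))
    except urllib.error.HTTPError as exc:
        return classify(exc.code, b"")


if __name__ == "__main__":
    for site in sys.argv[1:]:
        print(site, check_site(site))
```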
  
  
Greetings:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Greets to pabloski, ToXiC, LINUX, y3dips, Sm0ke, Heintz, slimjim100, Chb  
and all other people who know me!  
Greetings to Raido Kerna.  
Greetings to the people of Torufoorum!  
  
Contact:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
[email protected]  
Janek Vind "waraxe"  
  
Homepage: http://www.waraxe.us/  
  
  
Shameless advertising:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
User Manual Database - http://user-manuals.waraxe.us/  
Old Books Online - http://www.oldreadings.com/  
  
---------------------------------- [ EOF ] ------------------------------------  
  