Vulnerabilities in Informix Webdriver

2001-01-03T00:00:00
ID SECURITYVULNS:DOC:1121
Type securityvulns
Reporter Securityvulns
Modified 2001-01-03T00:00:00

Description

Webdriver is the web interface of Informix database,I found it is vulnerable.In the common condition,webdriver is submitted with a parameter,but if you type http://victim/cgi-bin/webdriver directly, It will return a webpage which you can modify or delete database on it.

Otherwise, webdriver will make a /tmp/.log file,its attribute is -rw-rw-rw,we can make a symlink and get the nobody privilege,although without root privilege,we can deface the website as nobody.

isno(isno@etang.com)