[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Vulnerabilities in Informix Webdrive

Title: Vulnerabilities in Informix Webdrive
Released by: isno (isno@etang.com)
Date: 2nd January 2001
Printable version: Click here 
Webdriver is the web interface of Informix database,I found it is vulnerable.In the common condition,webdriver is submitted with a parameter,but if you type http://victim/cgi-bin/webdriver directly, It will return a webpage which you can modify or delete database on it.

 

Otherwise, webdriver will make a /tmp/.log file,its attribute is -rw-rw-rw,we can make a symlink and get the nobody privilege,although without root privilege,we can deface the website as nobody.

 

 

 

isno(isno@etang.com)






(C) 1999-2000 All rights reserved.