Bugtraq mailing list archives
Stupid bug in W3-msql
From: veille () NEUROCOM COM (gregory duchemin)
Date: Tue, 17 Aug 1999 17:13:48 -0000
hi, there is a really stupid bug in w3-msql cgi-bin developped by Hughes Technology: http://www.Hughes.com.au This bug is a bit old but seams to be always actual in the last release of this software: mini-sql v 2.0.10.1 It's very simple to exploit the flaw; An intruder is able to look at everything on a remote web server even if the directory is ".htaccess protected". (eg apache) the first way to do it: http://www.victim.org/cgi-bin/w3-msql/protected-directory/pr ivate-file note: in this case, the intruder 'll have to already know th structure of the directory the second way: http://www.victim.org/cgi-bin/w3-msql/protected-directory/.h tpasswd in this way, intruder 'll get all DES encrypted password for authorized users in plain text and so will be able to crack any account (eg Crack 5.0 alex muphett) Solution: First: there is no private directory in your site, ok...in this case, u don't matter with this bug Otherwise, don't put your .htpasswd files under apache root (change your link in .htaccess) and contact quickly Hughes Technology. have a nice day Gregory Duchemin (security engineer) Neurocom 179-181 Av Charles De Gaulle 92200 Neuilly Sur Seine
Current thread:
- Internet Auditing Project Elias Levy (Aug 13)
- Re: Internet Auditing Project Jerry Carlin (Aug 13)
- Re: Internet Auditing Project CyberPsychotic (Aug 16)
- Re: Internet Auditing Project Viljo Hakala (Aug 17)
- Stupid bug in W3-msql gregory duchemin (Aug 17)
- Re: Stupid bug in W3-msql David J. Hughes (Aug 19)
- Httpd Logging Methods v0rt (Aug 23)
- <Possible follow-ups>
- Re: Internet Auditing Project David Luyer (Aug 15)
- Re: Internet Auditing Project Peter J. Holzer (Aug 17)
- [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Bill Nottingham (Aug 17)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Michal Zalewski (Jul 03)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Michal Zalewski (Jul 03)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Tymm Twillman (Aug 19)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Michal Zalewski (Jul 03)
- [RHSA-1999:029-01] Denial of service attack in in.telnetd Bill Nottingham (Aug 19)
- Re: Internet Auditing Project Jerry Carlin (Aug 13)