Bugtraq mailing list archives
SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
From: todd () INTERNETWORKING COM (Todd Beebe)
Date: Fri, 31 Mar 2000 18:50:35 -0600
Disclaimer:

The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies: I am not liable for any damages caused by direct or indirect use of the information or functionality provided by this advisory. I bear NO responsibility for content or misuse of this advisory or any derivatives thereof.

We have contacted the vendor numerous times to find solutions for the following issues; however, their response has been the typical "none of our other customers have a problem with the current configuration" or "that is how we have always set it up in the past".

Background:

Eviewer is a web-based application that is designed to offer a browser interface to SalesLogix data.

Issues:

1. The following URL will instruct the application DLL to essentially shut down, restart, and reread the configuration. Our experience has been that each time the command is run, the application CRASHES and requires a reboot to reset. In addition, the "administrative" command requires NO PASSWORD to issue the shutdown command.

   http://yourserver.com/scripts/slxweb.dll/admin?command=shutdown

Secondary Concerns:

In addition to the security issues surrounding the non-password-protected admin command, here are some additional "requirements" necessary to install the product (see if you can find the security holes):

1. Change the standard "anonymous" user account from the default IUSR_{systemname}, which has guest privilege, to a newly defined slxwebuser account with administrative privilege.

2. Create multiple shares on the webserver, including shares to the root webserver document directory and /scripts directory.

3. The slxweb.dll program, which allows admin commands, must be installed in the /scripts directory (you cannot move it to /cgi-bin, etc.).

4. Both the installation guide and tech support "strongly suggest" you install IIS in its default location c:\inetpub\wwwroot.

Have a great day.
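The post above describes an admin command that is reachable with a plain GET and no password. Since the only trace such a request leaves is the web server log, the example below (added here; it is not part of Todd Beebe's post and not SalesLogix code) parses IIS W3C extended log lines and reports every request to slxweb.dll/admin together with the command it carried. The log lines are constructed for the example; the field names are the W3C extended ones IIS writes. Matching is case-insensitive and URL-decoded, because IIS paths are case-insensitive and a `%64` in the query string still reaches the DLL as a `d`.

```python
"""Find requests to the SalesLogix eviewer admin interface in IIS W3C logs.

Added example for the advisory above; not the vendor's code. Log lines
are constructed. Field names follow the W3C extended format IIS writes.
"""
from urllib.parse import parse_qs, unquote

# Constructed sample log in W3C extended format. The third and fourth
# request lines vary case and URL-encoding of the same admin command.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server 4.0
#Version: 1.0
#Date: 2000-03-31 18:00:00
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-03-31 18:00:01 10.0.0.5 GET /scripts/slxweb.dll/viewer id=42 200
2000-03-31 18:00:07 10.0.0.9 GET /scripts/slxweb.dll/admin command=shutdown 200
2000-03-31 18:00:08 10.0.0.9 GET /Scripts/SLXWEB.DLL/Admin Command=Shutdown 500
2000-03-31 18:00:09 10.0.0.9 GET /scripts/slxweb.dll/admin command=shut%64own 200
2000-03-31 18:00:15 10.0.0.5 GET /default.htm - 200
"""

# Path suffix of the admin entry point named in the advisory.
ADMIN_STEM = "/slxweb.dll/admin"


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in #Fields:."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the lines that follow
            continue
        if not line or line.startswith("#"):
            continue  # other directive lines (#Software, #Date, ...) or blanks
        if fields is None:
            raise ValueError("request line before #Fields: directive")
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        yield dict(zip(fields, values))


def admin_requests(text):
    """Return (client ip, command, status) for each hit on slxweb.dll/admin."""
    hits = []
    for rec in parse_w3c(text):
        # Decode and lower-case the stem: IIS resolves paths case-insensitively.
        stem = unquote(rec.get("cs-uri-stem", "")).lower()
        if not stem.endswith(ADMIN_STEM):
            continue
        # IIS writes "-" for an empty query; parse_qs yields {} for it.
        query = rec.get("cs-uri-query", "-")
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        command = params.get("command", [""])[0].lower()
        hits.append((rec.get("c-ip", "?"), command, rec.get("sc-status", "?")))
    return hits


if __name__ == "__main__":
    for ip, command, status in admin_requests(SAMPLE_LOG):
        print(f"{ip} issued admin command {command!r} (status {status})")
```

Run against a real log directory the same function applies unchanged; the point of decoding and lower-casing before comparing is that a plain substring search for `command=shutdown` misses two of the three hits in the sample.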