Bugtraq mailing list archives
Re: HP Quality Center vulnerability
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Wed, 25 Feb 2009 00:19:23 +0100 (CET)
On Mon, 23 Feb 2009 info () exposit co uk wrote:
The front-end of the application is composed of COM components that plug into the web browser. [...] In order to optimize the interaction speed of the application, a cache folder is created on the client machine. [...] Indeed, those files are required on the client machine because the workflow is execute on the client, not on the server. [...] If a user modifies this file and then mark it as read-only, he can execute arbitrary code. As the OTA API allows access to the database, he can also modify the data stored in the database as follows:
You say you can execute arbitrary code on your computer (under your own account)? What an amazing exploit! (pun intended) Any client-server application depending on the client side not being messed with by its user is *broken by design*. It does not matter whether the messing in question is easy (like putting a VB script in the right directory) or difficult (like attaching a debugger to a running process and flipping bits in its memory space).
Please note that HP has released a patch that fixes this issue, please contact HP support for further details.
I wonder what kind of fix has been released. Does anyone think they solved the REAL problem? -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21th century edition /
Current thread:
- HP Quality Center vulnerability info (Feb 23)
- Re: HP Quality Center vulnerability Pavel Kankovsky (Feb 25)