
ASP Table Editor 7.0 Beta exploit




Tuxtendo Security Advisory
(c) 2001 Tuxtendo
E-Mail: security@tuxtendo.nl
WWW   : http://www.tuxtendo.nl
-------------------------------->


---------------------------
1. Program information
---------------------------
Program Name    : table editor 7.0 beta
Description     : ASP
Vendor          : unknown
Program purpose : Table Editor is an ASP script for editing and querying SQL tables.
Bug Found by    : Argos (argos@tuxtendo.nl)
Tuxtendo ID     : TXN-1810-2001-TX01
Date            : 18-10-2001

---------------------------
2. Problem Description
---------------------------
When you install it with the defaults you get two databases: one is called test
and the other is called users. You can add as many databases as you want, but
the users database is always there. The problem is that every user who has
access to the editor can open the users database and read the admin password.
And since there is a default guest account, getting that access won't be so
hard ;-)

---------------------------
3. Exploit
---------------------------
Well, this is very simple. Log in with your user account or with the
default guest account, then request the following URL:

http://host/tbdir/te_showtable.asp?cid=0&tablename=Users

where host is the host name and tbdir is the directory where Table
Editor is installed.

---------------------------
4. Solution
---------------------------

I'm not an ASP ninja, but my guess is to delete the guest account
for starters and then rewrite the ASP code so that you have to be logged
in as admin to open that table ;-)
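One way to implement the admin-only check described above, as an added example that is not the vendor's code: a guard placed at the top of te_showtable.asp, before any table is opened. It assumes the login page stores the user name in Session("Username") and the role in Session("Role") (either "admin" or "user"), and that the guest account is named guest; all of those names are assumptions, not taken from the product. The check is done server-side from the session, so the tablename parameter in the URL alone cannot open the Users table, and anonymous or guest sessions are refused outright.

```asp
<%
' Added example, not the Table Editor vendor's code.
' Assumed session layout (hypothetical): Session("Username") holds the login
' name, Session("Role") holds "admin" or "user". Guest account name assumed "guest".
Option Explicit

' Tables that only an administrator may open. The Users table holds the
' admin password, so it is the one this advisory cares about.
Function IsRestrictedTable(tableName)
    Select Case LCase(Trim(tableName & ""))
        Case "users"
            IsRestrictedTable = True
        Case Else
            IsRestrictedTable = False
    End Select
End Function

' Returns True when the current session may view the requested table.
' Anonymous and guest sessions are always refused; restricted tables
' additionally require the admin role.
Function CanViewTable(userName, role, tableName)
    CanViewTable = False
    If Len(userName & "") = 0 Then Exit Function
    If LCase(userName) = "guest" Then Exit Function
    If IsRestrictedTable(tableName) Then
        CanViewTable = (LCase(role & "") = "admin")
    Else
        CanViewTable = True
    End If
End Function

Dim requestedTable
requestedTable = Request.QueryString("tablename")

' Deny before any database work happens; Response.End stops the page here.
If Not CanViewTable(Session("Username"), Session("Role"), requestedTable) Then
    Response.Status = "403 Forbidden"
    Response.Write "Access denied."
    Response.End
End If
%>
```

The same guard belongs in any other page that can read table contents (a query or export page, for example), since a check on te_showtable.asp alone leaves other paths to the same data open. Comparing the table name case-insensitively after trimming matters because ADO and SQL Server resolve Users, users and " USERS " to the same table.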

---------------------------
5. Vendor status
---------------------------
The vendor was contacted several times but did not respond.

------------------------------------>
DISCLAIMER:
This advisory does not claim to be complete or to be usable for any purpose.
In particular, information on the vulnerable systems may be inaccurate.
Any exploit code supplied is not to be used for malicious purposes, but for
educational purposes only.
This advisory is free for open distribution in unmodified form.
Articles that are based on information from this advisory should include a link to
www.tuxtendo.nl
------------------------------------>
For more information regarding this 
bug or other information E-Mail:
security@tuxtendo.nl



