
DB4Web component bug allows all files on server to be downloaded

18th Sep 2002 [SBWID-5700]

		A DB4Web component allows files on the server to be downloaded




		Stefan Bagdohn [] [] says:

		A DB4Web (R) server accessed with a web browser usually requests local
		or remote databases to generate dynamic HTML pages. By requesting
		malicious URLs one can manipulate the server application to disclose
		files located on the server system. The browser will download them and
		(according to the MIME type) show them directly within the browser
		window. The db4web_c binary (on Unix/Linux systems) or db4web_c.exe
		binary (on MS Windows) is located within the cgi-bin (scripts)
		directory of the webserver on the DB4Web (R) system. This binary
		executes the database query and is accessible by the clients.


		On MS Windows systems the URL to retrieve the boot.ini file  would  look



		On Linux/Unix servers the following URL will show /etc/hosts:



		In the above examples db4web.server.system means the name or IP address
		of the server, dbdirname is the name of the local database directory
		and %3A%5C is the representation of :\ needed to access c:\boot.ini.

		One can also download files, cmd.exe for example, by requesting




		The DB4Web team provided an update of their software and notified  their
		customers about the problem. The patches can be found at:



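The advisory describes a CGI binary (db4web_c / db4web_c.exe) that accepts a database directory name in the URL and can be steered, via percent-encoded characters such as %3A%5C, to return arbitrary server files. The script below is an added example written for this archive page; it is not part of Stefan Bagdohn's advisory or of the DB4Web software, and the log lines, host names and the base directory /var/db4web/db are constructed for illustration. It shows two defender-side pieces: a scanner that flags access-log requests to the db4web_c binary whose decoded path contains a drive letter or parent-directory components, and the kind of server-side check (resolving the requested name against a fixed base directory) that would have rejected such requests.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); these are not
# the URLs from the original advisory, which this archived copy does not preserve.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Sep/2002:10:01:02 +0200] "GET /cgi-bin/db4web_c/customers/report HTTP/1.0" 200 5120
10.0.0.9 - - [18/Sep/2002:10:01:07 +0200] "GET /scripts/db4web_c.exe/c%3A%5Cboot.ini HTTP/1.0" 200 321
10.0.0.9 - - [18/Sep/2002:10:01:09 +0200] "GET /cgi-bin/db4web_c/customers/..%2F..%2F..%2Fetc%2Fhosts HTTP/1.0" 200 158
10.0.0.7 - - [18/Sep/2002:10:02:00 +0200] "GET /index.html HTTP/1.0" 200 2048
"""

# Request line inside the quoted field of a CLF entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# The DB4Web CGI binary followed by the path-info that names the database directory.
DB4WEB_RE = re.compile(r'/db4web_c(?:\.exe)?(?P<rest>/.*)?$', re.IGNORECASE)
# A Windows drive-letter prefix such as "c:\" or "c:/" after decoding.
DRIVE_RE = re.compile(r'^[A-Za-z]:[\\/]')


def decode_fully(s, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> .) before inspecting a path."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify_db4web_path(rest):
    """Return the reasons a db4web_c path-info looks like a file-disclosure attempt."""
    reasons = []
    decoded = decode_fully(rest).lstrip('/')
    if DRIVE_RE.match(decoded):
        reasons.append('drive-letter path')
    # Split on both separators so "..\" and "../" are treated alike.
    if '..' in re.split(r'[\\/]+', decoded):
        reasons.append('parent-directory traversal')
    return reasons


def scan_log(text):
    """Scan CLF access-log text and return the suspicious db4web_c requests."""
    hits = []
    for line in text.splitlines():
        req = REQUEST_RE.search(line)
        if not req:
            continue
        target = DB4WEB_RE.search(req.group('path'))
        if not target:
            continue  # not a request to the DB4Web CGI binary
        reasons = classify_db4web_path(target.group('rest') or '')
        if reasons:
            hits.append({'client': line.split()[0],
                         'path': req.group('path'),
                         'reasons': reasons})
    return hits


def is_safe_db_name(base_dir, requested):
    """Server-side check: the requested database directory must resolve inside base_dir.

    This is a generic containment check, not DB4Web's own validation logic.
    """
    decoded = decode_fully(requested)
    if DRIVE_RE.match(decoded) or '\\' in decoded or '\x00' in decoded:
        return False
    base = base_dir.rstrip('/')
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    return candidate == base or candidate.startswith(base + '/')


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(hit['client'], hit['path'], ', '.join(hit['reasons']))
    print(is_safe_db_name('/var/db4web/db', 'customers'))
    print(is_safe_db_name('/var/db4web/db', '../../etc/hosts'))
```

Run against the embedded sample, the scanner flags the two requests from 10.0.0.9 and ignores the ordinary database query and the static page; the containment check accepts a plain directory name and rejects both a traversal sequence and a percent-encoded drive path, which is the property the vendor patch has to enforce before the binary opens anything on disk.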