BugTraq: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Digg
DZone
Reddit
Slashdot
StumbleUpon
del.icio.us
Facebook
FriendFeed
Furl
A posting to BugTraq shares a few security problems with Chili!Soft ASP.
Date: Tue, 20 Feb 2001 22:35:43 +0000
From: Stan Bubrouski
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Author: Stan Bubrouski (stan@ccs.neu.edu)
Date: February 20, 2001
Package: Chili!Soft ASP
Versions affected: 3.5.2 and possibly previous versions.
Severity: (1) A remote user could potentially view sensative information and
take remote control of the server. (2) The installer installs
a default username and password for the adminstrative console
if auto-detect of settings is used. (3) There are also several
serious file permissions problems.
Problems:
(1) Chili!Soft ASP ships with samples scripts which are located in
/opt/casp/caspsamp by default and are installed on webservers by default
accessable via http://<server>/caspsamp/ A sample script named
codebrws.asp prolly taken from IIS/4.0 originally is vulnerable to a
"../" attack allowing sensative information to be revieled to remote
users. During brief testing I was only able to get the script to read
files on directory above the caspsamp directory which is the /opt/casp
directory by default. This directory contains database
usernames/passwords, the server logs, and the username/password to
administration console. With the password to the administrative console
a remote user with web access can remotely manage the server thus
openning endless possibilies since the console runs as root.
It appears they attempted to prevent people from viewing files outside
the samples directory because when I tried with an url not containing
/caspsamp/ at the begining it would fail and warn me that I'm not allowed
to view files outside the samples directory.
(2) The installer program installs a default username and password for
adminstration console which is remotely accessable via the web. The
username/password are stored in the file /opt/admin/conf/service.pwd
0 Comments (click to add your comment)
Networking Solutions
