PWS (Professional Web Server) lets any user download the data source (db.mdb) via a browser
Category: Vulnerability
Posted: 2005-03-03 by basher13


Update:
9:36 AM 3/4/2005

Subject:
" PWS (Professional Web Server) lets any user download the data source (db.mdb) via a browser "


Description:
PWS (Professional Web Server) is an open-source web server, released under the GNU license, created by Sergey Kloubkov
and written in Visual Basic. It is aimed at intermediate users who want to run a home-based web server.


A vulnerability was found: any user can download the PWS database file (db.mdb) using nothing but a browser,
because the file sits in the same directory the server publishes. Once db.mdb has been downloaded and opened
in MS Access, the tables holding usernames and passwords can be read, and the passwords are stored in clear text.
The 'Security' table holds the administrator username/password used to set up the PWS secured folder,
which only the administrator is supposed to be able to access.



Demo:

http://[host]/[filename].mdb
http://[host]/secured/

Security table:

UserName | Password
test     | test

The administrator username is 'test' and the password is 'test'.

Users table:

UserName | Password | FirstName | LastName | EMail          | DateOfRegistration
joe      | letmein  | joefy     | tenno    | joefy@mail.com |




Exploit:

http://[host]/db.mdb
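A quick way to confirm that what the server returns for /db.mdb really is the Jet database and not an HTML error page, as an added example that is not part of the original advisory or of PWS itself: every Access 97/2000 (Jet) .mdb file starts with the bytes 00 01 00 00 followed by the NUL-terminated string "Standard Jet DB", so the response body can be classified offline by its header alone. The sample response bytes below are constructed for the example, and the target URL is whatever the reader passes on the command line.

```python
import urllib.request

# Every Jet-format .mdb file (Access 97/2000/2003) begins with the bytes
# 00 01 00 00 followed by the NUL-terminated string "Standard Jet DB" at
# offset 4.  Newer .accdb files carry "Standard ACE DB" instead.
JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB\x00"


def is_jet_database(data: bytes) -> bool:
    """True if the bytes begin with the Jet (.mdb) file header."""
    return data[:len(JET_MAGIC)] == JET_MAGIC


def classify_response(body: bytes) -> str:
    """Label what the server handed back for a /db.mdb request."""
    if is_jet_database(body):
        return "jet-database"
    head = body.lstrip()[:64].lower()
    if head.startswith(b"<!doctype html") or head.startswith(b"<html"):
        return "html"
    return "other"


def fetch_and_classify(url: str, timeout: float = 10.0) -> str:
    """Download the URL (e.g. http://[host]/db.mdb) and classify the body.

    The first 4 KiB are enough to decide, so the rest of the file is not read.
    """
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return classify_response(resp.read(4096))


# Constructed sample responses for offline use (not captured from a real server).
SAMPLE_MDB = JET_MAGIC + b"\x00" * 100                 # Jet header plus padding
SAMPLE_HTML = b"<html><body>404 Not Found</body></html>"  # typical error page

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", fetch_and_classify(sys.argv[1]))
    else:
        print("sample mdb  ->", classify_response(SAMPLE_MDB))
        print("sample html ->", classify_response(SAMPLE_HTML))
```

Run it with the target URL as the only argument; with no argument it classifies the two constructed samples. A "jet-database" result means the server served the Access file itself, which is exactly the condition the Demo section describes.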



Solution:
' VB source of PWS (Professional Web Server).
' As shown below, the data source is opened from a default path under App.Path
' (App.Path & "\db.mdb"), which is the same directory the server publishes, so
' any visitor can request http://[host]/db.mdb. Change or rename the data source
' db.mdb to another name, or better, move it to a folder the server does not serve.
' Note that renaming alone only hides the file: a renamed .mdb that still sits
' under the published directory can be downloaded by anyone who guesses its name.

Private Sub Form_Load()

Dim itmX As ListItem
Dim db As Connection
Me.Show
...
.....

' Rename "\db.mdb" to any other name, e.g. change
'   Data Source=" & App.Path & "\db.mdb;"
' to
'   Data Source=" & App.Path & "\root\adminweb.mdb;"
' or create a new folder for the database (outside the published directory).
db.Open "PROVIDER=Microsoft.Jet.OLEDB.3.51;Data Source=" & App.Path & "\db.mdb;"

...
Do While Not adoUsersRS.EOF
    Set itmX = Me.lsvUsers.ListItems.Add(, , adoUsersRS.Fields(0))
    itmX.Tag = adoUsersRS.Fields(4)
    itmX.SubItems(1) = adoUsersRS.Fields(1)
    adoUsersRS.MoveNext
Loop
db.Close
Set db = Nothing
Set adoUsersRS = Nothing
..

' Same change here: point Data Source at the renamed or moved file.
db.Open "PROVIDER=Microsoft.Jet.OLEDB.3.51;Data Source=" & App.Path & "\db.mdb;"

Set adoAdminRS = New Recordset
adoAdminRS.Open "select * from Security", db, adOpenStatic, adLockOptimistic
...
End Sub
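The advisory's fix is to rename db.mdb, which only hides the file. The following added example (written for this page, not PWS code and not in the project's language) shows the two checks that actually close the hole on the serving side, independent of the file name: the requested path is canonicalised and refused if it escapes the published directory, and database files are refused by type even when they do sit inside it. The on-disk layout (a www/ folder with index.html and a mistakenly placed db.mdb, and a data/ folder outside it holding adminweb.mdb) is constructed in a temporary directory for the demonstration; the function names and the blocked-extension list are the example's own.

```python
import os
import tempfile

# File types a PWS-style home server should never hand out, whatever their name.
# Renaming db.mdb does not help: a renamed file under the published folder is
# still one guessed URL away.  Blocking by type and keeping the data outside
# the published folder closes the hole regardless of the file name.
BLOCKED_EXTENSIONS = {".mdb", ".ldb"}   # Jet database and its lock file


def resolve_request(doc_root: str, url_path: str):
    """Map a request path to a file under doc_root, or return None to refuse.

    Refuses: traversal outside doc_root (checked after realpath), blocked
    extensions, and anything that is not a regular file.
    """
    root = os.path.realpath(doc_root)
    # Strip the leading '/' so the join is relative to the root, not absolute.
    rel = url_path.lstrip("/").replace("\\", "/")
    candidate = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        return None                      # escaped the published directory
    if os.path.splitext(candidate)[1].lower() in BLOCKED_EXTENSIONS:
        return None                      # data file, never served
    if not os.path.isfile(candidate):
        return None                      # directory or missing file
    return candidate


def build_demo_layout():
    """Constructed on-disk layout for the example (not a real PWS install):

        <tmp>/www/index.html       published page
        <tmp>/www/db.mdb           the mistake: database inside the web root
        <tmp>/data/adminweb.mdb    the fix: database outside the web root
    """
    base = tempfile.mkdtemp(prefix="pws-demo-")
    www = os.path.join(base, "www")
    data = os.path.join(base, "data")
    os.makedirs(www)
    os.makedirs(data)
    jet_header = b"\x00\x01\x00\x00Standard Jet DB\x00"   # fake .mdb content
    with open(os.path.join(www, "index.html"), "w") as f:
        f.write("<html>hello</html>")
    with open(os.path.join(www, "db.mdb"), "wb") as f:
        f.write(jet_header)
    with open(os.path.join(data, "adminweb.mdb"), "wb") as f:
        f.write(jet_header)
    return www, data


def run_demo():
    """Return {request path: True if served, False if refused} for the layout."""
    www, _data = build_demo_layout()
    requests = ["/index.html", "/db.mdb", "/DB.MDB",
                "/../data/adminweb.mdb", "/secured/"]
    return {r: resolve_request(www, r) is not None for r in requests}


if __name__ == "__main__":
    for req, served in run_demo().items():
        print(f"{req:26s} {'served' if served else 'refused'}")
```

Only /index.html is served: /db.mdb and /DB.MDB are refused by type even though the file exists inside www/, the traversal attempt at data/adminweb.mdb is refused because its canonical path is not under the root, and /secured/ is refused because it is a directory rather than a file. The same two rules carry over to the VB server: compare the resolved path against the published directory, and never serve the Jet database or its .ldb lock file.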



Vendor URL:
serechenka@icqmail.com


Reported by:
basher13 [at]linuxmail.org
Infamous Group - http://98.to/infamous
 