Bug: dBlog CMS Open Source database retrieval (WLB-2007090072 Ascii Version)

English Version
WLB2

CVE WLB2

WLB2
Full List
Bugs
Bogus
Tricks
Exploits
CVE MAP
Full List
Vendors
Products
Tools
CWE Dictionary
Google Hacking
Search
General
CVE
CWE
RSS
Full List
Bugs
Exploits
Dorks
Information
Our services
Add note
About
Submit

To add a note,

use this form

or send email to

submit@cxsecurity.com

When contacting via email, we recommend coded messages.

Get our PGP public key

 Topic: dBlog CMS Open Source database retrieval
 Dork: inurl:"articolo.asp" "powered by dblog"
 Credit: waraxe
 Date: 2007.09.21
 CWE: CWE-264 (Show similar)
 CVE: CVE-2007-5026 (Show details)

Use CVE to see details like:
- CVSS2,
- Affected Software,
- References

Risk
Local
Remote
Low
No
Yes

[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval
====================================================================

Author: Janek Vind "waraxe"
Date: 19. September 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-52.html

Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.dblog.it/sito/default.asp

DBlog CMS is a open source Content Management System for IIS/ASP platform.
Some days ago dBlog 2.0 hit the goal of the 110.000 platform downloads,
over 100.000 of them regarding the lastest version.

GoogleDork: inurl:"articolo.asp" "powered by dblog"

Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DBlog stores all the data in JET database file with default name "dblog.mdb".
This database file is accessible from web as:

http://www.example.com/mdb-database/dblog.mdb

By fetching database anyone can obtain admin password sha hashes and then try to
crack them and gain admin privileges.
There are some mitigating factors though:

1. IIS webserver can refuse ".mdb" file download
2. database file or directory can be renamed to something else

Quick look @ real world sites shows, that ~ 20% of them are exploitable.
Considering large number of DBlog-based websites, this is serious problem IMHO.

How to fix:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

IIS directory restrictions, renaming directory and database file.

Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Greets to pabloski, ToXiC, LINUX, y3dips, Sm0ke, Heintz, slimjim100, Chb
and all other people who know me!
Greetings to Raido Kerna.
Tervitusi Torufoorumi rahvale!

Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

come2waraxe (at) yahoo (dot) com [email concealed]
Janek Vind "waraxe"

Homepage: http://www.waraxe.us/

Shameless advertise:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

User Manual Database - http://user-manuals.waraxe.us/
Old Books Online - http://www.oldreadings.com/

---------------------------------- [ EOF ] ------------------------------------

[ ASCII VERSION ]
Copyright 2012, cxsecurity.com