[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] userList.php possible exploit

Subject: RE: [cobalt-users] userList.php possible exploit
From: "H.P. Noordam" <bno@xxxxxxxxx>
Date: Mon May 5 07:41:02 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Mon, 5 May 2003, Tom Honec wrote:
>
> I would like to bring to your attention a recent exploit which we found
> on some Cobalt RaQ 550s.  I would like your assistance in verifying this
> possible exploit.
>
> Possible Exploit:
> An authenicated Site Administrator is able to view all users on the
> local system.
>
> Steps to Duplicate:
> 1.  Create a site on the RaQ 550
> 2.  Assign a user with Site Administrator privledge
> 3.  Access the following URL:
> http://www.domain.com:81/base/user/userList.php?group=
> 4.  Login with the newly created Site Administrator account
> 5.  You should see all users on the server
>
> My question to User Group, is has this been corrected by Sun, can it be
> duplicated?
>

YES , i can duplicate it. chanching port 81 in your ULR to 444 (the default
admin port, i can login as ANY site admin, and view the entire list !!

bad bad bad


Bob.

Follow-Ups:
- RE: [cobalt-users] userList.php possible exploit
  - From: Gerald Waugh
- Re: [cobalt-users] userList.php possible exploit
  - From: Anders

References:
- Re: [cobalt-users] userList.php possible exploit
  - From: Gerald Waugh

Prev by Date: RE: [cobalt-users] [OT] [Qube3] How to compile PHP 4.3.1 with JPEG Support
Next by Date: RE: [cobalt-users] userList.php possible exploit
Previous by thread: Re: [cobalt-users] userList.php possible exploit
Next by thread: RE: [cobalt-users] userList.php possible exploit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index