what you don't know can hurt you

BWL-00-05.txt

BWL-00-05.txt
Posted May 15, 2000
Authored by Black Watch Labs | Site perfectotech.com

Black Watch Labs Security Advisory #00-05 (May 5, 2000) - Gossamer Threads DBMan (db.cgi) allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible. DBMan dumps useful information (e.g. script location, HTTP root, version of Perl, server_admin, server_name, path) to the browser when the database file provided is incorrect. Perl exploit included.

tags | web, cgi, root, perl
MD5 | d9a9c73617fc0034d47ea59f768dc342

BWL-00-05.txt

Change Mirror Download
   Black Watch Lab - Vulnerabilities

Black Watch Labs ID: BWL-00-05

Environment and Setup Variables can be Viewed through DBMan (db.cgi) Script
Black Watch Labs Security Advisory #00-05 (May 05, 2000)
Name:
Environment and Setup Variables can be Viewed through DBMan (db.cgi) Script
Black Watch Labs ID:
BWL-00-05
Date Released:
May 5, 2000
Category:
Application (HTML): modification of parameters, debug options
Products affected:
Gossamer Threads DBMan (db.cgi)
Number of affected sites/pages/users:
It is estimated that there are more than 2,000 pages containing links to db.cgi. The Gossamer Threads site contains a
list of some sites that use DBMan: http://www.gossamer-threads.com/scripts/resources/DBMan/Sites_In_Action/
Summary:
The script allows several environment variables to be viewed by the attacker, who can gain useful information on the
site, making further attacks more feasible.
Analysis:
DBMan dumps useful information (e.g. script location, HTTP root, version of Perl, server_admin, server_name, path) to
the browser when the database file provided is incorrect.
Exploits:
DBMan: the demo site of DBMan does not contain a database named no-db, thus the following URL displays the environment
dump (note: this url may not work as the vendor has applied the patch to the site. However, a similar url, when
applied within the necessary modifications to an unprotected site would yield the desired result.):
http://www.gossamer-threads.com/scripts/dbman/db.cgi?db=no-db
Vendor Patch or workaround:
The following patch was provided by Gossamer Threads

To fix, replace cgierr in db.cgi with:
sub cgierr {
# --------------------------------------------------------
# Displays any errors and prints out FORM and ENVIRONMENT
# information. Useful for debugging.
if (!$html_headers_printed) {
print "Content-type: text/html\n\n";
$html_headers_printed = 1;
}
print "DBMan encountered an internal error. ";
if ($db_debug) {
print
"</font></p>
<div align="left"><pre><font size="3"
face="Arial, Helvetica, sans-serif">\n\nCGI ERROR\n==========================================\n";
$_[0] and print "Error Message : $_[0]\n";
$0 and print "Script Location : $0\n";
$] and print "Perl Version : $]\n";
$db_setup and print "Setup File : $db_setup.cfg\n";
$db_userid and print "User ID : $db_userid\n";
$db_uid and print "Session ID : $db_uid\n";

print "\nForm Variables\n-------------------------------------------\n";
foreach $key (sort keys %in) {
my $space = " " x (20 - length($key));
print "$key$space: $in{$key}\n";
}
print "\nEnvironment Variables\n-------------------------------------------\n";
foreach $env (sort keys %ENV) {
my $space = " " x (20 - length($env));
print "$env$space: $ENV{$env}\n";
}
print "\n</font></pre>
</div><p><font size="3"
face="Arial, Helvetica, sans-serif">"; } else {
print "Please enable debugging to view."; }
exit -1; }

This will only enable the displaying of environment variables if $db_debug is turned on in the config file. Users
should turn this off when they are done testing.

References and Links:
Gossamer Scripts (DBMan): http://www.gossamer-threads.com/scripts/dbman/
Gossamer Scripts DBMan demo site: http://www.gossamer-threads.com/scripts/dbman/db.cgi
About Black Watch Labs (www.perfectotech.com/blackwatchlabs/)
Black Watch Labs is a research group operated by Perfecto Technologies Inc., the leader in Web Application Security
Management. Black Watch Labs was established in order to further the knowledge of the Internet community in the arena
of Web application security management. Black Watch Labs publishes security advisories regularly, which are maintained
at http://www.perfectotech.com/blackwatchlabs/, and are also posted to relevant security lists and Web sites. Black
Watch Labs also operates a Web application security mailing list, which can be subscribed to at
http://www.perfectotech.com/blackwatchlabs/. For more info about Black Watch Labs and Web Application Security
Management, please call (408) 855-9500 or email BlackWatchLabs@perfectotech.com.

About Perfecto Technologies (http://www.perfectotech.com/)
Founded in 1997 and headquartered in Santa Clara, Calif., Perfecto Technologies is the leader in Web Application
Security Management software. AppShield(TM), Perfecto's flagship product, is the first to provide automatic Web site
security, enabling companies to realize faster time to market while meeting the demand for privacy and security. Black
Watch Labs was established to further the knowledge of Web application security within the Internet security
community. Privately held, Perfecto is funded by blue-chip venture capital firms and industry leaders, including
Goldman Sachs, Intel Corporation, Sequoia Capital, The Sprout Group and Walden Israel. More information about Perfecto
Technologies may be obtained by visiting the Company's Web site at www.perfectotech.com or by calling the Company
directly at (408) 855-9500.
Copyright © 1997-2000 Perfecto Technologies LTD. All rights reserved.
Permission is hereby granted to reproduce and distribute the application security alerts herein in their entirety,
provided the information, this notice and all other Perfecto Technologies marks remain intact.
Specific Limitations on Use of the Black Watch Labs Advisories
THIS ADVISORY INCLUDES INFORMATION WHICH WILL ILLUSTRATE CERTAIN SECURITY RISKS AND ISSUES ASSOCIATED WITH SITES ON
THE INTERNET, INCLUDING, POTENTIALLY, YOUR SITE. YOU AGREE THAT YOUR VIEWING OF THIS ADVISORY IS SOLELY FOR THE
PURPOSES OF UNDERSTANDING THESE RISKS AND ISSUES WITH RESPECT TO YOUR SITE AND THE PRODUCTS AND SERVICES OFFERED BY
PERFECTO TECHNOLOGIES. YOU AGREE NOT TO USE ANY INFORMATION DISCLOSED TO YOU FOR ANY IMPROPER OR ILLEGAL PURPOSE,
INCLUDING TO VIOLATE THE SECURITY OF ANY OTHER PERSON'S SITE. YOU ARE EXPLICITLY WARNED THAT THE USE FOR ANY IMPROPER
PURPOSE OF INFORMATION DISCLOSED TO YOU COULD SUBJECT YOU TO CIVIL AND CRIMINAL LIABILITY IN THE UNITED STATES AND
OTHER COUNTRIES.
NO WARRANTY
Any material furnished by Perfecto Technologies is furnished on an "as is" basis and may change without notice.
Perfecto Technologies makes no warranties of any kind, either expressed or implied as to any matter including but not
limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use
of the material. Neither does Perfecto Technologies make any warranty of any kind with respect to freedom from patent,
trademark or copyright infringement. In no event shall Perfecto Technologies be liable for any damages whatsoever
arising out of or in connection with the use or spread of this information. Any use of this information is at the
user's own risk.
Login or Register to add favorites

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close