Brinkster, the web hosting company, is susceptible to multiple attacks allowing remote attacker to retrieve other user's ASP source code, access to database files, and bypass of code controls.
20321697a1b31690cb24599aed57a01f74205775e8fa4851f50d9b0cbf5200ec-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ------------------------------------------------------
BRINKSTER MULTIPLE VULNERABILITIES
- - ------------------------------------------------------
Online URL : http://ferruh.mavituna.com/article/?435
1. Retrieving other users ASP Source Codes
Severity: Highly Critical
2. Accessing Database Files
Severity: Medium Critical
3. Skipping Brinkster Code Controls
Severity: Low Critical
- - ------------------------------------------------------
ABOUT BRINKSTER;
- - ------------------------------------------------------
Brinkster is a popular free and paid Windows based web hosting
company with many customers www.brinskter.com
- - ------------------------------------------------------
VULNURABLE;
- - ------------------------------------------------------
Currently (1/26/2004) Brinskter.com is vulnerable;
- - ------------------------------------------------------
1.RETRIEVING OTHER USERS ASP SOURCE CODES
- - ------------------------------------------------------
Any valid user can access other users source codes just by know file
names. So an attacker can access ASP Source Codes, database passwords
and other information in source codes.
- - ------------------------------------------------------
2. ACCESSING DATABASE FILES
- - ------------------------------------------------------
If you know the name of any Brinkster user database file you can
download it. (You can find database name form source code -see:first
vuln.-). Brinkster use a spesific and accesible folder to store user
database files.
- - ------------------------------------------------------
3. SKIPPING CODE CONTROLS
- - ------------------------------------------------------
Brinkster does not allow some code snippets in ASP files for server
performance. Like "Server.Scripttimeout = 8000". Brinkster File
Manager automatically scanning your uploaded source code and if it
finds any restricted keyword, it will delete your uploaded file.
You can skip this by using ASP built-in Execute() function. This
function is not in Brinkster keyword blacklist. So write a simple
decoder and encoder for your code and use it by Execute() function.
- - ------------------------------------------------------
HISTORY;
- - ------------------------------------------------------
01.01.2004 - Discovered
01.18.2004 - Vendor Informed (twice)
02.08.2004 - Published
- - ------------------------------------------------------
Vendor Status;
- - ------------------------------------------------------
No answer;
Ferruh Mavituna
Web Application Security Specialist
http://ferruh.mavituna.com
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQCfxKzL0QoVzo2STEQJvNACgsL12jR67QCZh0INWbx/jVOs3uPIAn1PJ
lAbSYDuN+8DZGvayj9HmTj/C
=ICL6
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed