Exploit Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Information Disclosure

Exploiter

Hacker
34,644
0
18 Dec 2022
EDB-ID
19466
EDB Verified
  1. Passed
Author
GREGORY DUCHEMIN
Vulnerability type
REMOTE
Platform
MULTIPLE
CVE
cve-1999-0753
Publication date
1999-08-18
Code:
source: https://www.securityfocus.com/bid/591/info

Under certain versions of Mini SQL, the w3-msql CGI script allows users to view directories which are set for private access via .htaccess files. W3-mSQL converts any form data passed to a script into global Lite variables and these variables can then be accessed by your script code.

When an HTML form is defined, a field name is given to each element of the form. When the data is passed to W3-mSQL, the field names are used as the variable names for the global variables. Once a set of variables has been created for each form element, the values being passed to the script are assigned to the variables. This is done automatically during start-up of the W3-mSQL program.

First Approach:
This attack requires the attacker to know the location/directory structure of the site she is attacking.

http://www.victim.org/cgi-bin/w3-msql/protected-directory/private-file

Second Approach:
This approach will gain the intruder a DES encrypted password which they can then attempt to crack via any number of popular cracking utilities.

http://www.victim.org/cgi-bin/w3-msql/protected-directory/.htpasswd
 
Source
www.exploit-db.com
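
Detection sketch for the two request shapes described above, as an added example (not part of the original advisory or of mSQL itself): it scans web-server access logs for requests that reach protected content through the w3-msql CGI path instead of directly. The Common Log Format input, the `PROTECTED_DIRS` list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

CGI_PREFIX = "/cgi-bin/w3-msql/"           # CGI path as shown in the advisory
PROTECTED_DIRS = ("protected-directory",)  # assumption: the site's .htaccess-protected dirs

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def classify(target):
    """Return a reason if the request reaches protected content via w3-msql, else None."""
    # Decode percent-escapes so "%2Ehtpasswd" is treated the same as ".htpasswd".
    path = unquote(urlsplit(target).path)
    if not path.lower().startswith(CGI_PREFIX):
        return None
    # Everything after the CGI name is the file the script is asked to process.
    segments = [s for s in path[len(CGI_PREFIX):].split("/") if s]
    if any(s.lower().startswith(".ht") for s in segments):
        return "htfile-via-cgi"
    if segments and segments[0] in PROTECTED_DIRS:
        return "protected-dir-via-cgi"
    return None

def scan(lines):
    """Return one finding per log line that matches either request shape."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; ignore it
        host, when, _method, target, status = m.groups()
        reason = classify(target)
        if reason:
            findings.append({"host": host, "time": when, "target": target,
                             "reason": reason, "served": status == "200"})
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Aug/1999:10:00:01 +0000] "GET /cgi-bin/w3-msql/index.msql HTTP/1.0" 200 1024',
    '198.51.100.7 - - [18/Aug/1999:10:02:13 +0000] "GET /cgi-bin/w3-msql/protected-directory/private-file HTTP/1.0" 200 512',
    '198.51.100.7 - - [18/Aug/1999:10:02:20 +0000] "GET /cgi-bin/w3-msql/protected-directory/%2Ehtpasswd HTTP/1.0" 200 96',
    '192.0.2.10 - - [18/Aug/1999:10:03:00 +0000] "GET /protected-directory/private-file HTTP/1.0" 401 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true means the server answered 200 for content that a direct request would have been refused, which is the condition worth alerting on.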
