[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval
Author: Janek Vind "waraxe"
Date: 19. September 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-52.html
Target software description:
DBlog CMS is an open source Content Management System for the IIS/ASP platform.
Some days ago dBlog 2.0 hit the goal of 110.000 platform downloads,
over 100.000 of them regarding the latest version.
GoogleDork: inurl:"articolo.asp" "powered by dblog"
DBlog stores all the data in JET database file with default name "dblog.mdb".
This database file is accessible from the web as:
By fetching the database, anyone can obtain the admin password SHA hashes and then try to
crack them and gain admin privileges.
There are some mitigating factors though:
1. The IIS webserver can refuse ".mdb" file downloads
2. The database file or directory can be renamed to something else
A quick look at real-world sites shows that ~20% of them are exploitable.
Considering the large number of DBlog-based websites, this is a serious problem IMHO.
How to fix:
IIS directory restrictions, and renaming the directory and the database file.
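The mitigating factors above (IIS refusing ".mdb" downloads, or the file being renamed) show up directly in the webserver logs: a blocked request to the database file returns 403 or 404, while a successful retrieval returns 200. The following is an added example, not part of this advisory, that parses IIS W3C extended log lines and separates successful ".mdb" downloads from blocked attempts, so an administrator can check whether the database was ever fetched before the fix was applied. The log excerpt and the "/db/" directory are constructed for the example; the real dBlog directory name is not assumed here.

```python
"""Find retrievals of a JET database file (e.g. dblog.mdb) in IIS W3C extended logs.

Added example for the dBlog database-exposure advisory; not the advisory's own code.
The log excerpt below is constructed: hostnames, IPs and the "/db/" directory are
placeholders, not the product's real paths.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Constructed sample IIS log excerpt. The "#Fields:" directive defines the column order
# for the data lines that follow it; IIS writes user agents with '+' instead of spaces.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-09-19 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-09-19 10:00:01 10.0.0.5 GET /articolo.asp id=12 80 - 192.0.2.10 Mozilla/5.0 200 0 0
2007-09-19 10:00:07 10.0.0.5 GET /db/dblog.mdb - 80 - 198.51.100.7 curl/7.16 200 0 0
2007-09-19 10:00:09 10.0.0.5 GET /db/dblog.mdb - 80 - 198.51.100.8 Wget/1.10 404 0 2
2007-09-19 10:00:12 10.0.0.5 GET /db/DBLOG.MDB - 80 - 198.51.100.9 Mozilla/5.0 403 4 0
2007-09-19 10:00:15 10.0.0.5 GET /admin/login.asp - 80 - 192.0.2.10 Mozilla/5.0 200 0 0
"""


@dataclass
class DbFileRequest:
    """One request for a database file, as recorded by IIS."""
    when: str        # "date time" from the log (IIS logs in UTC)
    client_ip: str   # c-ip
    uri: str         # cs-uri-stem
    status: int      # sc-status
    user_agent: str  # cs(User-Agent)


def parse_w3c(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per data line, keyed by the names in the latest #Fields header."""
    fields: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            # Column layout can change mid-file when logging options are edited.
            fields = line.split(":", 1)[1].split()
            continue
        if line.startswith("#"):
            continue  # #Software, #Version, #Date directives
        if not fields:
            raise ValueError("data line encountered before any #Fields header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated line; skip rather than misalign columns
        yield dict(zip(fields, values))


def find_db_file_requests(text: str, extensions: Tuple[str, ...] = (".mdb",)) -> List[DbFileRequest]:
    """Return every request whose URI path ends in one of the database extensions.

    Matching is case-insensitive because IIS serves paths case-insensitively.
    """
    wanted = tuple(ext.lower() for ext in extensions)
    hits = []
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "")
        if stem.lower().endswith(wanted):
            hits.append(DbFileRequest(
                when=f"{row.get('date', '')} {row.get('time', '')}",
                client_ip=row.get("c-ip", "-"),
                uri=stem,
                status=int(row.get("sc-status", "0")),
                user_agent=row.get("cs(User-Agent)", "-"),
            ))
    return hits


def split_by_outcome(hits: List[DbFileRequest]) -> Tuple[List[DbFileRequest], List[DbFileRequest]]:
    """Separate successful downloads (2xx) from attempts the server refused (403/404).

    A 2xx on the database file means the whole JET file, password hashes included,
    left the server and the mitigations in the advisory were not in place.
    """
    downloaded = [h for h in hits if 200 <= h.status < 300]
    blocked = [h for h in hits if h.status in (403, 404)]
    return downloaded, blocked


if __name__ == "__main__":
    downloaded, blocked = split_by_outcome(find_db_file_requests(SAMPLE_LOG))
    for h in downloaded:
        print(f"DOWNLOADED {h.when} {h.client_ip} {h.uri} ({h.user_agent})")
    for h in blocked:
        print(f"blocked    {h.when} {h.client_ip} {h.uri} -> {h.status}")
```

On the constructed log the script reports one completed download of dblog.mdb and two refused attempts; on a real server, point it at the site's W3C logs and treat any 2xx entry as a sign that the admin hashes should be considered exposed and the passwords rotated after the directory and file are renamed.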
Greets to pabloski, ToXiC, LINUX, y3dips, Sm0ke, Heintz, slimjim100, Chb
and all other people who know me!
Greetings to Raido Kerna.
Greetings to the Torufoorum folks!
Janek Vind "waraxe"
Homepage: http://www.waraxe.us/
Shameless advertising:
User Manual Database - http://user-manuals.waraxe.us/
Old Books Online - http://www.oldreadings.com/
---------------------------------- [ EOF ] ------------------------------------