Multiple Vulnerabilities in SuperScout Web Reports Server
3rd Oct 2002 [SBWID-5731]

	SurfControl SuperScout WebFilter


	From Matt Moore's [matt@westpoint.ltd.uk] advisory [ID#:wp-02-0005]:

	 Usernames and Passwords Retrievable.



	The file located at:



	contains the usernames and passwords for each user of the reports
	server. The usernames are in plain text, whilst the passwords are

	 Weak Encryption



	The encryption is implemented via a simple JavaScript, located at:



	The EncryptString function takes two parameters 'text string' and

	Unfortunately, the key is hard-coded into another JavaScript function
	and hence it is trivial to decrypt the passwords. (The key is 'test'.)

	The default administrative password, '3&8>>', decrypts to 'admin'.

	As a result of this, an attacker can access any reports available on
	the server.

	 DoS via Large GET request



	Repeated large GET requests cause the reports service to consume 100%
	CPU, at which point it no longer services requests. The server does
	appear to recover eventually. However, this was not tested extensively.

	 Triple Dot Directory Traversal



	An attacker can retrieve any file on the server via a simple directory
	traversal attack, e.g.



	 SQL Injection Vulnerability



	The various reports available are implemented as .dll files. Several of
	these perform no input validation, and hence it is possible that an
	attacker could execute arbitrary SQL queries against the database:

	http://reports-server:8888/SimpleBar.dll/RunReport ?...<various parameters>
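	As an added example (not part of the advisory or of the vendor's code), a small Python log check covering the three request-level issues above: oversized GETs, dot-sequence traversal including the triple-dot form, and SQL metacharacters in RunReport parameters. The log format, client addresses, request paths, the 4096-byte length threshold and the assumption that other report DLLs share the /RunReport suffix are all constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the advisory). Each line
# is "<client-ip> <method> <request-target> <status>"; line 4 is an oversized GET.
SAMPLE_LOG = [
    "10.0.0.5 GET /SimpleBar.dll/RunReport?report=weekly 200",
    "10.0.0.5 GET /.../.../winnt/win.ini 200",
    "10.0.0.9 GET /SimpleBar.dll/RunReport?report=weekly'%20OR%201=1-- 200",
    "10.0.0.7 GET /" + "A" * 8192 + " 200",
    "10.0.0.8 GET /reports/index.htm 200",
]

# Two or more dots followed by a separator: catches "../" as well as the
# "..." variant the advisory describes, after URL-decoding.
TRAVERSAL = re.compile(r"\.{2,}[/\\]")
# The advisory names SimpleBar.dll/RunReport; other report DLLs are assumed
# (hypothetically) to expose the same /RunReport suffix.
REPORT_DLL = re.compile(r"^/[^/]+\.dll/RunReport", re.IGNORECASE)
# Crude SQL metacharacter check applied only to report query strings.
SQL_META = re.compile(r"('|--|;|/\*|\bunion\b|\bor\b\s+\d+=\d+)", re.IGNORECASE)
MAX_TARGET_LEN = 4096  # assumed threshold for the large-GET pattern

def classify(line):
    """Return (client, [finding tags]) for one log line."""
    client, method, target, _status = line.split(" ", 3)
    path, _, query = unquote(target).partition("?")
    findings = []
    if method == "GET" and len(target) > MAX_TARGET_LEN:
        findings.append("large-get")
    if TRAVERSAL.search(path):
        findings.append("dot-traversal")
    if REPORT_DLL.match(path) and SQL_META.search(query):
        findings.append("report-sqli")
    return client, findings

def analyze(lines):
    """Map each client with findings to its sorted, de-duplicated tags."""
    report = {}
    for line in lines:
        client, findings = classify(line)
        if findings:
            report.setdefault(client, set()).update(findings)
    return {client: sorted(tags) for client, tags in report.items()}

if __name__ == "__main__":
    for client, tags in analyze(SAMPLE_LOG).items():
        print(client, ", ".join(tags))
```

	Decoding before matching matters: a percent-encoded "..%2F" sequence is only recognisable as traversal once it has been unquoted.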





	The banner returned by the server is 'MS-MFC-HttpSvr/1.0'. A search for
	this returned the following link:





	The reports server appears to be based on a sample application from
	Microsoft. Other servers based on this may be vulnerable to the
	directory traversal and DoS attacks.


	No patch available. Vendor supplied workaround:

	Disable the reports server and consider using a terminal session to the
	server to access the reports.

	This advisory is available online at:






