Penetration Testing mailing list archives
Re: [PEN-TEST] Silverstream.
From: ERisk.CH () CH EYI COM
Date: Tue, 14 Nov 2000 13:30:09 +0100
I recently did some research on the SilverStream application server and found a number of interesting problems. By default a SilverStream application server is wide open, remote users can do virtually anything. It's extremely important to lock the server down correctly. Unfortunately the SilverStream documentation doesn't help very much (at least it didn't 6 months ago, hopefully SilverStream have improved the doc since then). Also, locking down a SilverStream server is not trivial - there are lots of parameters to change. Many web administrators don't lock their servers down properly...

You might like to try the following:

1. Test if the default username / password has been changed when accessing the management console
   http://web-server/SilverStream/Pages/SMC.html

2. Test if directory listings have been disabled
   http://web-server/SilverStream

3. Test if it's possible to read internal configuration info.
   http://web-server/SilverStream/Administration

4. Test if it's possible to get a complete list of webbases installed on the server (great way to find hidden/test web sites)
   http://web-server/SilverStream/Meta/Webbases

5. Test if remote users can shut down the web server:
   silvercmd serverstate web-server shutdown
   (alternatively telnet to port 80 and type in the appropriate commands :-(

6. Test if it's possible to view statistics or session info:
   http://web-server/SilverStream/Sessions
   http://web-server/SilverStream/Statistics

7. Test if it's possible to view the internal database structure:
   http://web-server/SilverStream/Meta/Tables?access-mode=text
   also
   http://web-server/dbname/SilverStream/Meta/Tables?access-mode=text
   where dbname is the name of the database.

8. Test if it's possible to access the management console WITHOUT entering a username or password. Sorry, I won't give exploit details. HINT, have a closer look at SMC.html

For further possibilities, have a close look at the silvercmd executable - an attacker can do a LOT of damage with this...

regards
David Hyams
Ernst & Young Switzerland
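From the administrator's side, the same checklist can be turned into a log review: the sketch below is an added example, not part of the original post, and flags requests for the paths listed above that were answered with 200 to clients outside the admin network. It assumes an access log in Common Log Format (for instance from a proxy in front of the server) and a hypothetical admin network of 10.0.5.0/24; the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Paths named in the post (lower-cased), relative to / or to /<dbname>/.
SENSITIVE = {
    "/silverstream": "directory listing",
    "/silverstream/pages/smc.html": "management console",
    "/silverstream/administration": "internal configuration",
    "/silverstream/meta/webbases": "webbase list",
    "/silverstream/sessions": "session info",
    "/silverstream/statistics": "statistics",
    "/silverstream/meta/tables": "database structure",
}
ADMIN_NET = ipaddress.ip_network("10.0.5.0/24")  # assumption: admin hosts live here
# Assumption: Common Log Format -> client, request target, status.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3}) ')

def classify(target):
    """Label a request target if it is one of the paths from the post."""
    path = unquote(urlsplit(target).path).lower().rstrip("/")
    idx = path.find("/silverstream")
    if idx == -1 or path.count("/", 0, idx) > 1:  # allow at most one /<dbname> prefix
        return None
    return SENSITIVE.get(path[idx:])

def flag_exposures(log_lines):
    """Return (client, label, target) for sensitive paths served 200 outside ADMIN_NET."""
    findings = []
    for line in log_lines:
        m = CLF.match(line)
        if not m or m.group(3) != "200":
            continue
        client, target, _ = m.groups()
        label = classify(target)
        try:
            trusted = ipaddress.ip_address(client) in ADMIN_NET
        except ValueError:
            trusted = False  # hostname instead of an address: treat as untrusted
        if label and not trusted:
            findings.append((client, label, target))
    return findings

SAMPLE_LOG = [  # constructed lines, documentation address ranges
    '203.0.113.7 - - [14/Nov/2000:13:30:09 +0100] "GET /SilverStream/Meta/Webbases HTTP/1.0" 200 512',
    '203.0.113.7 - - [14/Nov/2000:13:30:11 +0100] "GET /shop/SilverStream/Meta/Tables?access-mode=text HTTP/1.0" 200 2048',
    '10.0.5.20 - - [14/Nov/2000:13:31:00 +0100] "GET /SilverStream/Pages/SMC.html HTTP/1.0" 200 4096',
    '198.51.100.9 - - [14/Nov/2000:13:32:00 +0100] "GET /SilverStream/Administration HTTP/1.0" 401 0',
]
```

Any finding means the path was served to a client that should have been denied, which is the lock-down gap the post describes.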