Penetration Testing mailing list archives

Websphere pentesting questions


From: Feng Chih-hung <chfong () gmail com>
Date: Fri, 23 Sep 2005 14:47:00 +0800

Hi:

In a recent pen-test I came across a few WebSphere sites
in the customer's perimeter. I am not familiar with WebSphere;
maybe the experienced ones could shed some light on it:

1. At one site I am able to access the WebSphere system management
   interface. The URL is not protected, and with the "XML Web Administration
   Tool" it provided I am able to view/modify/delete WebSphere resources
   such as virtual host, default_app, etc. Is there any means
   to further exploit it to get, say, system access or privilege
   escalation?

2. With the admin tool mentioned above I dumped the WebSphere workspace
   to an XML file in which I discovered an obfuscated password for
   ID administrator. Since the obfuscation algorithm is already known
   (base64_encode(passwd ^ "_")) I was able to restore the password.
   My question is where does this ID/passwd combination apply?
   Is it supposed to protect the admin interface?

3. I discovered a vulnerability in another WebSphere server.
   Specifically,
      http://domain.name.of.target/some.jsp works as expected. But
      http://ip.of.target/some.jsp reveals the source code
   My hypothesis is that this is a mis-configuration instead of
   a WebSphere software bug. Any suggestion? Could it be related
   to, say, the virtual host settings (or lack thereof)?

4. Another vulnerability in another WebSphere server:
   http://target/some.jsp works as expected, but
   http://target//some.jsp reveals source code
   Again, this looks like a mis-configuration because I could not
   find any information in the search of WebSphere vulnerability
   history.

In addition to notifying the customer of the vulnerabilities, I have
to help them fix the problems and confirm they are fixed.
Therefore I would need as much info as I could gather.
Any comments are appreciated.

Regards
chfong
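
Added example, not part of the original post: a retest check for the source-disclosure findings in items 3 and 4, which classifies each captured response body as rendered output or leaked JSP source. The function names and the sample bodies are constructed for illustration; the URLs are the placeholder forms used in the post.

```python
import re

# Constructs the JSP compiler consumes; none should survive into a response.
JSP_CONSTRUCT = re.compile(r"<%.*?%>|<jsp:[A-Za-z]+\b[^>]*>", re.DOTALL)


def find_jsp_source(body):
    """Return the raw JSP constructs present in a response body."""
    return [m.group(0) for m in JSP_CONSTRUCT.finditer(body)]


def retest(responses):
    """Map each URL to 'rendered' or 'source-disclosed'.

    responses: {url: body}, captured with the tester's own HTTP client.
    """
    verdicts = {}
    for url, body in responses.items():
        leaked = find_jsp_source(body)
        verdicts[url] = "source-disclosed" if leaked else "rendered"
    return verdicts


def unresolved(responses):
    """URLs that still leak source, i.e. findings that are not yet fixed."""
    verdicts = retest(responses)
    return sorted(u for u, v in verdicts.items() if v == "source-disclosed")


# Constructed sample bodies (not captured from any real server).
RENDERED = "<html><body><p>Welcome, guest</p></body></html>"
LEAKED = ('<%@ page language="java" %>\n<html><body>\n'
          '<% String user = request.getParameter("u"); %>\n'
          '<p>Welcome, <%= user %></p></body></html>')
SAMPLE = {
    "http://domain.name.of.target/some.jsp": RENDERED,
    "http://ip.of.target/some.jsp": LEAKED,
    "http://target/some.jsp": RENDERED,
    "http://target//some.jsp": LEAKED,
}

if __name__ == "__main__":
    for url, verdict in retest(SAMPLE).items():
        print(f"{verdict:17} {url}")
```

A finding counts as fixed once `unresolved()` returns an empty list for bodies captured from every URL form that previously leaked.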
