Penetration Testing mailing list archives
Websphere pentesting questions
From: Feng Chih-hung <chfong () gmail com>
Date: Fri, 23 Sep 2005 14:47:00 +0800
Hi:

In a recent pen-test I came across a few websphere sites in the customer's perimeter. I am not familiar with websphere; maybe the experienced ones could shed some light on it:

1. At one site I am able to access the websphere system management interface. The URL is not protected, and with the "XML Web Administration Tool" it provides I am able to view/modify/delete websphere resources such as virtual host, default_app, etc. Is there any means to further exploit it to get, say, system access or privilege escalation?

2. With the admin tool mentioned above I dumped the websphere workspace to an XML file, in which I discovered an obfuscated password for the ID administrator. Since the obfuscation algorithm is already known (base64_encode(passwd ^ "_")), I was able to restore the password. My question is: where does this ID/passwd combination apply? Is it supposed to protect the admin interface?

3. I discovered a vulnerability in another websphere server. Specifically,
   http://domain.name.of.target/some.jsp works as expected, but
   http://ip.of.target/some.jsp reveals the source code.
   My hypothesis is that this is a mis-configuration instead of a websphere software bug. Any suggestions? Could it be related to, say, the virtual host settings (or lack thereof)?

4. Another vulnerability in another websphere server:
   http://target/some.jsp works as expected, but
   http://target//some.jsp reveals the source code.
   Again, this looks like a mis-configuration, because I could not find any information when searching the websphere vulnerability history.

In addition to notifying the customer of the vulnerabilities, I have to help them fix the problems and confirm they are fixed. Therefore I would need as much info as I could gather. Any comments are appreciated.

Regards
chfong
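A retest check for items 3 and 4 of the message above, added here as an example and not part of the original post: it builds the three request variants the message describes (by hostname, by IP, with a doubled slash) and flags any response body that still contains unprocessed JSP markup. The function names, the host www.example.test, the address 192.0.2.10 and the sample response bodies are all constructed for illustration; `fetch` is any callable that returns the response body for a URL.

```python
import re
from urllib.parse import urlsplit

# Markup that should never reach a client if the container compiled the JSP.
JSP_MARKERS = {
    "directive": re.compile(r"<%@\s*(page|include|taglib)\b", re.I),
    "scriptlet": re.compile(r"<%(?!@)[=!]?.*?%>", re.S),
    "action": re.compile(r"<jsp:[a-z]+\b", re.I),
}

def variant_urls(url, ip):
    """Request variants from the post: by hostname, by IP, doubled slash."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    query = f"?{p.query}" if p.query else ""
    return {
        "hostname": f"{p.scheme}://{p.netloc}{p.path}{query}",
        "ip": f"{p.scheme}://{ip}{port}{p.path}{query}",
        "double_slash": f"{p.scheme}://{p.netloc}/{p.path}{query}",
    }

def leaked_markers(body):
    """Names of the JSP source markers found in a response body."""
    return [name for name, rx in JSP_MARKERS.items() if rx.search(body)]

def retest(url, ip, fetch):
    """Return {variant: [markers]} for every variant that still leaks source."""
    report = {}
    for name, variant in variant_urls(url, ip).items():
        hits = leaked_markers(fetch(variant))
        if hits:
            report[name] = hits
    return report

# Constructed sample responses: the hostname request is rendered, the other
# two return the raw file, as described in items 3 and 4.
RENDERED = "<html><body>Hello, 42</body></html>"
RAW = ('<%@ page language="java" %>\n'
       '<html><body>Hello, <%= request.getParameter("n") %></body></html>')
SAMPLE = {
    "http://www.example.test/some.jsp": RENDERED,
    "http://192.0.2.10/some.jsp": RAW,
    "http://www.example.test//some.jsp": RAW,
}

if __name__ == "__main__":
    result = retest("http://www.example.test/some.jsp", "192.0.2.10", SAMPLE.__getitem__)
    print(result or "no source disclosure detected")
```

An empty report after the configuration change is the confirmation the customer needs; for a live retest, pass a `fetch` that performs the HTTP request instead of the constructed lookup.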