Penetration Testing mailing list archives
Siebel Statistics Page - Information Disclosure
From: Getsumei No Michi <pentest () zensay com>
Date: Tue, 30 Jan 2007 14:03:56 -0700
Hello List, Apologies if this has already been found and is well known, but when accessing the statistics page of a Siebel Web Application, you can gain a fair amount of information including IP Addresses, other application URLS, local drive information, cookie values and ID values. I have also verified that it is possible to hijack sessions based on the "_sn" cookie value which can be seen in this stats page. I have also seen Passwords being sent in clear text. If you navigate to the statistics page: http://<url>/<app_name>/_stats.swe?verbose=high Then, if you look under "Applications", you will see the various applications deployed on the server; if you look under "Locks" you can see the "Web Publish" location which gives out the drive and directory information of where the application is installed (you can also get the siebel version number from this) and lastly if you look under "Current Operations Processing" you should be able to find IP Address information and even GET requests which contain session identifiers and ID information. I've written a perl script that parses the html file and outputs relevant useful information. It can be found here: http://www.zensay.com/files/siebel_stats.pl For testing purposes, Siebel application servers aren't that hard to come by; just ask your friend. Regards, -- Getsumei No Michi ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Siebel Statistics Page - Information Disclosure Getsumei No Michi (Feb 01)