Penetration Testing mailing list archives

Re: IBM Websphere Portal pentest


From: Jeremy Brown <0xjbrown41 () gmail com>
Date: Mon, 23 Mar 2009 22:09:40 -0400

There is an overlooked bug in reading (maybe editing) files in
Websphere, unless they fixed it. Sniff some POSTs using Live Headers
or something and you should be able to read files with SYSTEM
privileges, I believe (if that is what Websphere is still run under).
So, that is a possibility for escalation, of some kind.

Jeremy

On Sat, Mar 21, 2009 at 7:48 AM,  <pentestb0y () fastmail fm> wrote:
Hi list,

I'm doing a pentest for a company with a web application built on top of
IBM Websphere portal.
So far, I managed to get the admin password to the portal. My analysis
suggests that their current setup looks like this:

They're using a WebSEAL reverse proxy which handles the authentication and
access control on the Portal's resources served by an IBM HTTP Server
with LDAP user directory.

So far, that's all I know.


I've read a few manuals and ebooks about this whole Portal thing and
realized that this is one complex collection of different applications.
I only have a few days to do the testing so I don't have much time to
figure out what else I can do given that I was able to obtain the Portal
admin login credentials.


I'm trying to build a case on what an attacker can do once he gets admin
access to the Portal. Is it possible to enumerate the internal Directory
and Databases through the Portal? I've read a short tutorial on how one
can create a Portlet and upload it to the Portal. I'm thinking this
could probably be how one should go about it.


 Before I tell the client that it is game over for them once an attacker
 gets portal admin rights, I have to explain how an attacker can
 leverage this situation.


Any idea?
--

 pentestb0y () fastmail fm

--
http://www.fastmail.fm - Email service worth paying for. Try it for free


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced 
Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain 
your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------


