Penetration Testing mailing list archives
Re: IBM Websphere Portal pentest
From: Jeremy Brown <0xjbrown41 () gmail com>
Date: Mon, 23 Mar 2009 22:09:40 -0400
There is an overlooked bug in reading (maybe editing) files in Websphere, unless they fixed it. Sniff some POSTs using Live Headers or something and you should be able to read files with SYSTEM privileges, I believe (if that is what Websphere is still run under). So, that is a possibility for escalation, of some kind. Jeremy On Sat, Mar 21, 2009 at 7:48 AM, <pentestb0y () fastmail fm> wrote:
Hi list, I'm doing a pentest for a company with web application built on top of IBM Websphere portal. So far, I managed to get the admin password to the portal. My analysis suggest that their current setup looks like this: Their using WebSEAL reverse proxy which handles the authentication and access control on the Portal's resources served by an IBM HTTP Server with LDAP user directory. So far, that's all I know. I've read a few manuals and ebooks about this whole Portal thing and realized that this is one complex collection of different applications. I only have few days to do the testings so I don't have much time to figure out what else I can do given that I was able to obtain the Portal admin login credentials. I'm trying to build a case on what an attacker can do once he gets admin access to the Portal. Is it possible to enumerate the internal Directory and Databases through the Portal? I've read a short tutorial on how one can create a Portlet and upload it to the Portal. I'm thinking this could probably one should go about it. Before I tell the client that it is game over for them once an attacker gets portal admin rights, I have to explain how an attacker can leverage this situation. Any idea? -- pentestb0y () fastmail fm -- http://www.fastmail.fm - Email service worth paying for. Try it for free ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- IBM Websphere Portal pentest pentestb0y (Mar 23)
- Re: IBM Websphere Portal pentest Jeremy Brown (Mar 23)