Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Websrv Vulnerability - OCX *and* EXE

4 views
Skip to first unread message

Tony McGuire

unread,
Apr 27, 2004, 11:27:04 AM4/27/04
to corel.wpoffice.paradox-web

As posted on pnews, it was recently discovered that there is a hack
vulnerability in the Websrv.ocx AND .exe that allows a person to retrieve
files on the system hosting those web servers.

We've also come up with a fix, but only for the .ocx since the .exe is
compiled and we can't do anything for it.

The hack:
===============================
http://seclists.org/lists/bugtraq/2004/Jan/0262.html

Reported on pnews by Ylle Heinla
===============================

The fix I have come up with (others may have their own version):

if advmatch(request.URI,"(\\\\)|(\\.\\.)") then
stReturn="
<html>
<head>
<script language='javascript'>
document.location.replace('http://www.fbi.gov/cyberinvest/cyberhome.htm');
</script>
<title>Redirecting</title>
</head>
<body>
</body>
</html>
"
response.resultstring=stReturn
return
endif

Place this FIRST in onGetRequest() and onGetQueryRequest() events in the ocx
(can't do anything about the .exe). AND enable those 2 events even if you
don't otherwise use them.

The above redirects the 'visitor' to the FBI Cyber Crimes page.


--
--
Paradox Addons http://www.thedbaddons.com
Paradox Support http://www.thedbcommunity.com/support/

Tony McGuire
If replying by e-mail, reverse the ATs and DOTs

"I woke up and was able to get myself out of bed.
Being that fortunate, what's to complain about?"
_____________


Tony McGuire

unread,
Apr 27, 2004, 12:04:49 PM4/27/04
to corel.wpoffice.paradox-web

D'Uh!

This should go in onPostRequest() as well in order to completely protect
you.

0 new messages