Hello List,
Apologies if this has already been found and is well known, but when
accessing the statistics page of a Siebel Web Application, you can gain
a fair amount of information including IP Addresses, other application
URLS, local drive information, cookie values and ID values. I have
also verified that it is possible to hijack sessions based on the "_sn"
cookie value which can be seen in this stats page. I have also seen
Passwords being sent in clear text.
If you navigate to the statistics page:
http://<url>/<app_name>/_stats.swe?verbose=high
Then, if you look under "Applications", you will see the various
applications deployed on the server; if you look under "Locks" you can
see the "Web Publish" location which gives out the drive and directory
information of where the application is installed (you can also get the
siebel version number from this) and lastly if you look under "Current
Operations Processing" you should be able to find IP Address
information and even GET requests which contain session identifiers and
ID information.
I've written a perl script that parses the html file and outputs
relevant useful information. It can be found here:
http://www.zensay.com/files/siebel_stats.pl
For testing purposes, Siebel application servers aren't that hard to
come by; just ask your friend.
Regards,
--
Getsumei No Michi
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
