Macromedia Dreamweaver Remote Database Scripts

Published on 2004-03-27. Updated on 2007-03-20.

Description:
Macromedia Dreamweaver creates a directory (_mmServerScripts or _mmDBScripts) containing scripts for testing database connectivity. One of these scripts (mmhttpdb.php or mmhttpdb.asp) can be accessed without a user ID or password and exposes numerous operations, such as listing datasource names or executing arbitrary SQL queries.

Impact:
It is possible to execute arbitrary SQL queries and list datasource names.

Recommendation:
Remove these directories from production systems.
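
One way to enforce this before deployment is the check below, an added example that is not part of the original advisory. It walks a document root and reports any directory with the names given above, along with the connector scripts inside it. The function names and the sample tree are constructed for illustration.

```python
import os
import sys
import tempfile

# Directory and script names as given in the description above.
DW_DIRS = {"_mmserverscripts", "_mmdbscripts"}
DW_SCRIPTS = {"mmhttpdb.php", "mmhttpdb.asp"}

def find_dreamweaver_leftovers(docroot):
    """Return sorted (relative_dir, connector_scripts) pairs found under docroot."""
    findings = []
    for current, dirs, _files in os.walk(docroot):
        for name in list(dirs):
            # Compare case-insensitively: Windows/IIS file systems ignore case.
            if name.lower() not in DW_DIRS:
                continue
            full = os.path.join(current, name)
            scripts = sorted(
                f for f in os.listdir(full)
                if f.lower() in DW_SCRIPTS and os.path.isfile(os.path.join(full, f))
            )
            findings.append((os.path.relpath(full, docroot), scripts))
            dirs.remove(name)  # the whole directory is reported; do not descend
    return sorted(findings)

def build_sample_tree(root):
    """Populate root with a constructed document tree and return root."""
    for rel in (
        "index.php",
        os.path.join("_mmServerScripts", "mmhttpdb.php"),
        os.path.join("_mmServerScripts", "other.txt"),
        os.path.join("shop", "_MMDBSCRIPTS", "MMHTTPDB.asp"),
    ):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    # Scan the path given on the command line, or the constructed sample tree.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    results = find_dreamweaver_leftovers(root)
    for rel_dir, scripts in results:
        print(f"{rel_dir}: {', '.join(scripts) or 'no connector script'}")
    sys.exit(1 if results else 0)  # non-zero exit fails a deployment pipeline
```

Run against the build output directory, the non-zero exit status can block a release that still contains these directories.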

Tags: Scripts

Alert Tags: sql_injection,information_disclosure
ApplicableApplicationServer: All
ApplicableOS: All
ApplicableWebServer: All

References:

  • NGSSoftware advisory
