COMMAND

    dbmlparser.exe

SYSTEMS AFFECTED

    Those running dbmlparser.exe

PROBLEM

    Robert Qdial found the following.  There's a popular guestbook
    program, dbmlparser.exe.  Some sites use dbmlparser.exe to handle
    their guestbooks, basic message boards, or similar things.  The
    program takes the name of the file that holds the guestbook or
    message board postings in the DBMLFILE= parameter, for example
    DBMLFILE=genericpage.dbml&, followed by a bit more CGI to regulate
    the output.  The problem is that it doesn't chroot correctly, so
    in theory you can just insert any file that you have read access
    to.  Now this is where this gets fun.  Without properly
    chrooting, it will let you read any file on the computer that you
    have permission to read.  In theory (Robert didn't try this), you
    can also modify the source of the HTML page with the forms on
    another site, redirect it to them, and respecify the file you
    want to overwrite.  Very nasty, needs addressing.

SOLUTION

    Implement proper chrooting.
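
    One way to confine the DBMLFILE value to a single directory at the
    application level, as an added example (not dbmlparser's own code).
    TEMPLATE_ROOT, RejectedPath and resolve_dbmlfile() are hypothetical
    names, and the root path is an assumed location.

```python
import os
from urllib.parse import parse_qs

TEMPLATE_ROOT = "/var/www/guestbook/templates"  # assumed location


class RejectedPath(ValueError):
    """Raised when DBMLFILE does not name a template inside the root."""


def resolve_dbmlfile(query_string, root=TEMPLATE_ROOT):
    """Return the canonical path for DBMLFILE, or raise RejectedPath."""
    values = parse_qs(query_string, keep_blank_values=True).get("DBMLFILE", [])
    if len(values) != 1:
        raise RejectedPath("DBMLFILE must appear exactly once")
    name = values[0]  # parse_qs has already percent-decoded the value
    if not name or any(c in name for c in "\x00\\:"):
        raise RejectedPath("empty value, NUL, backslash or drive/stream colon")
    if not name.lower().endswith(".dbml"):
        raise RejectedPath("only .dbml templates are served")
    # Canonicalise both sides so '..' segments, absolute paths and
    # symlinks are resolved before the containment test.
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, name))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise RejectedPath("path resolves outside the template root")
    return candidate


if __name__ == "__main__":
    # Constructed query strings; the first is the form shown in the advisory.
    for qs in ("DBMLFILE=genericpage.dbml&", "DBMLFILE=../genericpage.dbml"):
        try:
            print(qs, "->", resolve_dbmlfile(qs))
        except RejectedPath as exc:
            print(qs, "-> rejected:", exc)
```

    The check runs before the file is opened; the process should still
    run with the least file permissions it needs.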