Description *********** Macromedia's Dreamweaver is used to develop web sites and applications. To aid in the development of web applications that require database connectivity certain test scripts are created and uploaded to the website. These scripts help to test database connectivity. If left these scripts can allow an attacker to gain access to the backend database server, without the attacker having to supply a user ID and password.
Details ******* To help test database connectivity when a web application is being developed an ASP script, mmhttpdb.asp, is upload to the website. This script can be accessed without and user ID or password and contains numerous operations. One of these operations allows users to list all Datasource Names defined on the web server. A second operation allows users to run arbitrary SQL queries. Using a combination of these two operations an attacker can compromise the backend database server. The vulnerable ASP script is usually uploaded to a "_mmServerScripts" directory if using Dreamweaver MX or "_mmDBScripts" directory if using Dreamweaver Ultradev. These directories should be deleted on production systems.
