------------------------------------------------------------------
          - EXPL-A-2003-016 exploitlabs.com Advisory 016
------------------------------------------------------------------
       -=- Looksmart / Grub Distributed Webcrawling Client -=-


Donnie Werner
http://exploitlabs.com


Vunerability(s):
----------------
1.local clear user / password in windows registry


Product:
--------
http://www.grub.org/
http://www.looksmart.com/

Vulnerable:
grub-client-1.3.7.exe   May 12, 2003
grub-client-1.3.7.zip   May 12, 2003

Not Vunerable:
grub-client-1.4.3.exe [CURRENT] Jul 2, 2003
grub-client-1.4.3.zip [CURRENT]  Jul 2, 2003
patch-to-1.4.3.exe [CURRENT]  Jul 2, 2003
patch-to-1.4.3.zip [CURRENT]  Jul 2, 2003


Description of product:
-----------------------
 "Grub uses the power of distributed computing to build the best
search on the Web.
It automatically crawls the Web in the background, borrowing your
computer's spare
clock cycles, so you won't even notice it's there. The download is
quick, you control
how much you crawl, and the cool screensaver shows you the real-time
progress your
computer is making. You can even compare your stats to other Grubsters
in the project!
Help perfect the search engine. Join the Grub project today!"


Company Profile:
----------------
"LookSmart is a leader in Search Targeted Marketing. Through its
innovative LookListingsTM
suite of commercial search listings products and graphical advertising
products, LookSmart
enables large and small businesses alike to expose their products and
services to customers
at the precise moment they're searching for that very thing. The
result is a better search
experience for the user, as well as highly qualified leads and lower
customer acquisition
costs for the business. The LookSmart network reaches 77%* of Internet
users, and includes
Microsoft's MSN, [EMAIL PROTECTED], AltaVista, Netscape Netcenter, Inktomi,
Prodigy, Juno, CNN.com,
Road Runner, Cox Interactive Media, InfoSpace (Go2Net, Dogpile,
MetaCrawler) and Ask Jeeves."
*Media Metrix June 2001 Digital Media Audience Ratings


Reviews:
--------
http://www.fortune.com/fortune/smallbusiness/skeptic/0,15704,453288,00.html
David Lidsky
http://www.wired.com/news/infostructure/0,1377,58497,00.html
http://slashdot.org/article.pl?sid=03/04/19/1916209&mode=thread&tid=95



VUNERABILITY / EXPLOIT
======================

Local:
------
Passwords and user names are stored cleartext inside registry under
Windows OS


REG Key
Subkey ( data )

HKEY_CURRENT_USER\Software\VB and VBA Program
Settings\GrubClient\Settings
userEmail
userPassword


Vendor Fix:
-----------
upgrade to..
grub-client-1.4.3


Vendor Contact:
---------------
June 4 2003 left a message at Tel: 415.348.7000 @3am advising them of
my impending release
at 12pm.

Callback 9:10am from corp office.
[EMAIL PROTECTED]
kord campel 415-348-7691

Vendor knows and is working on the issue.

July 10 2003 Installed new client and note issue resolved.


Credits:
--------
Donnie Werner
http://exploitlabs.com "finding your holes is job one, and plugging
them twice the fun"
[EMAIL PROTECTED]

Original Advisory at
http://exploitlabs.com/files/advisories/grub-client.txt
This Advisory is at
http://exploitlabs.com/files/advisories/EXPL-A-2003-016-grub-client.txt

Reply via email to