|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Information Disclosure Vulnerability in bitboard2
From: Marc Bromm (theblacksheep
fastmail.fm)
Date: Wed Jul 09 2003 - 04:22:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
================================================
<------------------------------------------------>
<------------#www.bright-shadows.net#------------>
<------------------------------------------------>
<--------------#theblacksheep&erik#-------------->
<------------------------------------------------>
================================================
Advisory Information
--------------------
Advisory Name : Information Disclosure Vulnerability in bitboard2
Author : Marc Bromm <theblacksheepfastmail.fm> Germany
Discover by : Marc Bromm <theblacksheepfastmail.fm> Germany
Release Date : 9. Juli 2003
Application : bitboard2 (textfile based board)
Vendor Homepage : http://www.bitshifters.bl.am
Vendor Status : notified
Vulnerable Versions: bitboard2 (maybe older)
Platforms : OS Independent, PHP
Severity : High
######Overview:
The bitboard2 is a board that need no database to work. So it is useful
for webmaster that have no access to a sql database.
######Exploit:
1. Get the admin passwort hash
The crypt hash of the admin password is stored in
"/admin/data_passwd.dat".
Everyone has access to it. So only get the hash and crackit with john.
The real problem is that many admins don't use secure passwort ;-)
######Vendor Response:
They told me that they are going to fix it in the next version.
Greetz to:
Erik, (O_o)oOoOoOo.
--
theblacksheepfastmail.fm
--
http://www.fastmail.fm - The professional email service
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]