lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 24 May 2003 00:15:52 +0200
From: "bugtracklist.fm" <bugtracklist@...email.hu>
To: <bugtraq@...urityfocus.com>
Subject: TextPortal Default Password Vulnerability


TextPortal Default Password Vulnerability

Advisory ID:                  B$H-2003:001
Advisory URL:               http://www.tar.hu/bsh/reports/bsh-2003-001.txt
Date:                              2003.05.22.
Original Advisory Date:   2003.05.10.
Discovery date:               2003.05.10.
Type:                              Vulnerability / Exploit
Product:                          TextPortal
Affected versions:            All (as of discovery date)
Fixed Version:                 None
Vendor notified:               2003.05.10.
Vendor response:             2003.05.16.
Product/vendor URL:       http://www.textportal.hu/

Author:                           B$H
Author info:                     bsh@....hu / http://www.tar.hu/bsh/
Greetz to :                       Sigterm, Dodge Viper, Geo, DVHC

------------------------------------------------------
Product description:
------------------------------------------------------

TextPortal  is  a  text-based  PHP  portal  system  with  forum,  voitig,
user
registration,  etc. To  use this  portal system  you need  only php  on the
web
server.

------------------------------------------------------
Vulnerability:
------------------------------------------------------

The default admin  password is: admin.  The administrators change  this
always.
You can change the admin passord at admin-menu -> admin passwor menu item.
The
admin password is in admin_pass.php :

<?php
god1¤t.gEaVtS1Uh86
god1-tmp¤d.9qw2fVYDNh2god2¤ijv.8ZKH0lW8s
god2¤3JVqJsoQ4Dph2

What is  good2? Good  2 is  also an  administrator (editor). This  user
hasn't
got full controll, but you can change many things:

- Voting
- Articles
- Downloads
- Links
- Gallery
- Forum
- Visitor's Book
- Statistics

The portal use the  crypt php function to  the passwords. So you  can crack
this
password with any  UNIX password cracker.   The result: 3JVqJsoQ4Dph2:12345.
;)
The passwor is:  12345. Many people  don't know this  and they don't  change
the
password.

------------------------------------------------------
Exsploit:
------------------------------------------------------

http://[target]/admin.php
Target 12345 and Enter. ;)

-----------------------------------------------------
Solution:
------------------------------------------------------

Chenge  the  editor password:  admin  menu >  admin  password >  change
editor
password. Or write  the crypted password  to the admin_pass.php  after the
part:
"god2¤".

B$H
bsh@....hu
www.tar.hu/bsh

2003.05.22.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ