| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Jul 2003 01:22:56 -0800 From: "Marc Bromm" <theblacksheep@...tmail.fm> To: bugtraq@...urityfocus.com Subject: Information Disclosure Vulnerability in bitboard2 ================================================ <------------------------------------------------> <------------#www.bright-shadows.net#------------> <------------------------------------------------> <--------------#theblacksheep&erik#--------------> <------------------------------------------------> ================================================ Advisory Information -------------------- Advisory Name : Information Disclosure Vulnerability in bitboard2 Author : Marc Bromm <theblacksheep@...tmail.fm> Germany Discover by : Marc Bromm <theblacksheep@...tmail.fm> Germany Release Date : 9. Juli 2003 Application : bitboard2 (textfile based board) Vendor Homepage : http://www.bitshifters.bl.am Vendor Status : notified Vulnerable Versions: bitboard2 (maybe older) Platforms : OS Independent, PHP Severity : High ######Overview: The bitboard2 is a board that need no database to work. So it is useful for webmaster that have no access to a sql database. ######Exploit: 1. Get the admin passwort hash The crypt hash of the admin password is stored in "/admin/data_passwd.dat". Everyone has access to it. So only get the hash and crackit with john. The real problem is that many admins don't use secure passwort ;-) ######Vendor Response: They told me that they are going to fix it in the next version. Greetz to: Erik, (O_o)oOoOoOo. -- theblacksheep@...tmail.fm -- http://www.fastmail.fm - The professional email service
Powered by blists - more mailing lists