[<prev] [next>] [day] [month] [year] [list]
Message-ID: <00bf01c3217a$369b9b00$643afea9@a>
Date: Sat, 24 May 2003 00:15:52 +0200
From: "bugtracklist.fm" <bugtracklist@...email.hu>
To: <bugtraq@...urityfocus.com>
Subject: TextPortal Default Password Vulnerability
TextPortal Default Password Vulnerability
Advisory ID: B$H-2003:001
Advisory URL: http://www.tar.hu/bsh/reports/bsh-2003-001.txt
Date: 2003.05.22.
Original Advisory Date: 2003.05.10.
Discovery date: 2003.05.10.
Type: Vulnerability / Exploit
Product: TextPortal
Affected versions: All (as of discovery date)
Fixed Version: None
Vendor notified: 2003.05.10.
Vendor response: 2003.05.16.
Product/vendor URL: http://www.textportal.hu/
Author: B$H
Author info: bsh@....hu / http://www.tar.hu/bsh/
Greetz to : Sigterm, Dodge Viper, Geo, DVHC
------------------------------------------------------
Product description:
------------------------------------------------------
TextPortal is a text-based PHP portal system with forum, voitig,
user
registration, etc. To use this portal system you need only php on the
web
server.
------------------------------------------------------
Vulnerability:
------------------------------------------------------
The default admin password is: admin. The administrators change this
always.
You can change the admin passord at admin-menu -> admin passwor menu item.
The
admin password is in admin_pass.php :
<?php
god1¤t.gEaVtS1Uh86
god1-tmp¤d.9qw2fVYDNh2god2¤ijv.8ZKH0lW8s
god2¤3JVqJsoQ4Dph2
What is good2? Good 2 is also an administrator (editor). This user
hasn't
got full controll, but you can change many things:
- Voting
- Articles
- Downloads
- Links
- Gallery
- Forum
- Visitor's Book
- Statistics
The portal use the crypt php function to the passwords. So you can crack
this
password with any UNIX password cracker. The result: 3JVqJsoQ4Dph2:12345.
;)
The passwor is: 12345. Many people don't know this and they don't change
the
password.
------------------------------------------------------
Exsploit:
------------------------------------------------------
http://[target]/admin.php
Target 12345 and Enter. ;)
-----------------------------------------------------
Solution:
------------------------------------------------------
Chenge the editor password: admin menu > admin password > change
editor
password. Or write the crypted password to the admin_pass.php after the
part:
"god2¤".
B$H
bsh@....hu
www.tar.hu/bsh
2003.05.22.
Powered by blists - more mailing lists