lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030708175545.B15D037A10@www.fastmail.fm>
Date: Tue, 08 Jul 2003 09:55:45 -0800
From: "Marc Bromm" <theblacksheep@...tmail.fm>
To: bugtraq@...urityfocus.com
Subject: Information Disclosure Vulnerability in board51, forum51 and news51


 ================================================
<------------------------------------------------>
<------------#www.bright-shadows.net#------------>
<------------------------------------------------>
<--------------#theblacksheep&erik#-------------->
<------------------------------------------------>
 ================================================

Advisory Information
--------------------
Advisory Name      : Information Disclosure Vulnerability in board51,
forum51 and news51
Author             : Marc Bromm <theblacksheep@...tmail.fm> Germany
Discover by        : Marc Bromm <theblacksheep@...tmail.fm> Germany
Release Date       : 8. Juli 2003
Application        : forum51, board51 und news51 (textfile based forum,
board and news system)
Vendor Homepage    : http://www.laforge-groups.de (German site)
Vendor Status      : notified
Vulnerable Versions: board51: v1.0b, v2.0  (maybe older)
                     forum51: v2.5b, v2.6b (maybe older)
                     news51 : v1.0a, v1.5  (maybe older)
Platforms          : OS Independent, PHP
Severity           : High

 

######Overview:

The 51 scripts are textbased webapplications (a forum, a board and a news
system) which are not bad. The design is great and it has many functions.
The official website is http://www.laforge-groups.de

######Exploit:

1. Get admin/user password hashes

All user/admin information are stored in a file named "user.idx" in the
"data" directory. So it is possible for you to open the files with your
browser to get the information. 

For example: 

~/newsdata/data/user.idx
~/forumdata/data/user.idx
~/boarddata/data/user.idx

Then crack the md5 hash and hope that the admin has a not so good
passwort.


######Vendor Response:

They told me that no patch is available and that the user can protect
that directoy with the special file but they think about fixing it in
newer versions.

Greetz to:

Erik, (O_o)oOoOoOo.
-- 
  
  theblacksheep@...tmail.fm

-- 
http://www.fastmail.fm - I mean, what is it about a decent email service?


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ