lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030724011522.15830.qmail@www.securityfocus.com>
Date: 24 Jul 2003 01:15:22 -0000
From: Jim Pangalos <dpangalos@...uxmail.org>
To: bugtraq@...urityfocus.com
Subject: ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta




ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta


Published: 23/07/2003

Released: 23/07/2003

Name: PHP-Gästebuch (http://www.php-gaestebuch.de)

Affected System(s): All versions (?) 

Severity: Medium/High

Platform(s): Windows and Unix 

Issue: Information disclosure enables attackers to take administrative 
control

Author: Trash-80 - dpangalos@...uxmail.org


Description

************

Zone-h Security Team has discovered a serious security flaw in PHP-
Gästebuch Ver. 1.60 Beta and possibly in prior versions.
PHP-Gästebuch is a guestbook system that except a few bugs has functions 
like flooding and webfilter protections ... ;) 


Details

********

1.guestbookdat contains admin's saved settings for PHP-Gästebuch. Is not 
protected and an attacker can retrieve serious information about the 
guestbook.

  ex: www.example.com/guestbook/guestbookdat

2.pwd contains the admin's password which is encrypted by MD5 algorithm.

  ex1: www.example.com/guestbook/pwd  

  ex2:md5 encrypted password: ee21d5f27a8401788147f6f6184ddb11
      md5 unencrypted password: roland
                                                 
An attacker using a md5 cracker like Cain & Abel (www.oxid.it), can crack 
the hash and use the decrypted password in order to login as PHP-
Gästebuch's administrator. 

  ex: www.example.com/guestbook/admin.php



Solution

*********

Protect these two files: guestbookdat & pwd.

The vendor has been contacted.


Trash-80 - www.zone-h.org operator

http://www.zone-h.org





  


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ