| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <B3B115FC7FE39341A905B254C71697E5032E83F6@FBCMST05V04.fbc.local>
Date: Thu, 25 Jan 2007 19:00:07 +0100
From: <corrado.liotta@...ce.it>
To: <full-disclosure@...ts.grok.org.uk>
Subject: [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash
Disclosure Vulnerability
-=[--------------------ADVISORY-------------------]=-
Siteman 2.0.x2
Author: CorryL [corryl80@...il.com]
-=[-----------------------------------------------]=-
-=[+] Application: Siteman 2.0.x2
-=[+] Version: 2.0.x2
-=[+] Vendor's URL: http://home.no.net/siteman/
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Remote Md5 Hash Disclosure Vulnerability
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck
..::[ Descriprion ]::..
This is the home of the Siteman project,
a content management system using the flat-file database system txtSQL for data storage.
..::[ Bug ]::..
exploiting this bug a remote attaker is able' to go up again to user name and admin password
what they are found to the first position
..::[ Proof Of Concept ]::..
http://remote-server/db/siteman/users.MYD
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists