Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
[x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability
Jan 25 2007 05:54PM
corrado liotta alice it
-=[--------------------ADVISORY-------------------]=-
Siteman 2.0.x2
Author: CorryL [corryl80 (at) gmail (dot) com [email concealed]]
-=[-----------------------------------------------]=-
-=[+] Application: Siteman 2.0.x2
-=[+] Version: 2.0.x2
-=[+] Vendor's URL: http://home.no.net/siteman/
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Remote Md5 Hash Disclosure Vulnerability
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck
..::[ Descriprion ]::..
This is the home of the Siteman project,
a content management system using the flat-file database system txtSQL for data storage.
..::[ Bug ]::..
exploiting this bug a remote attaker is able' to go up again to user name and admin password
what they are found to the first position
..::[ Proof Of Concept ]::..
http://remote-server/db/siteman/users.MYD
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
Siteman 2.0.x2
Author: CorryL [corryl80 (at) gmail (dot) com [email concealed]]
-=[-----------------------------------------------]=-
-=[+] Application: Siteman 2.0.x2
-=[+] Version: 2.0.x2
-=[+] Vendor's URL: http://home.no.net/siteman/
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Remote Md5 Hash Disclosure Vulnerability
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck
..::[ Descriprion ]::..
This is the home of the Siteman project,
a content management system using the flat-file database system txtSQL for data storage.
..::[ Bug ]::..
exploiting this bug a remote attaker is able' to go up again to user name and admin password
what they are found to the first position
..::[ Proof Of Concept ]::..
http://remote-server/db/siteman/users.MYD
[ reply ]