[x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability Jan 25 2007 06:43PM
corrado liotta alice it
-=[--------------------ADVISORY-------------------]=-

Siteman 1.1.11

Author: CorryL [corryl80 (at) gmail (dot) com [email concealed]]
-=[-----------------------------------------------]=-

-=[+] Application: Siteman
-=[+] Version: 1.1.11
-=[+] Vendor's URL: http://home.no.net/siteman/
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Remote Md5 Hash Disclosure Vulnerability
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck

..::[ Descriprion ]::..

This is the home of the Siteman project,
a content management system using the flat-file database system txtSQL for data storage.

..::[ Bug ]::..

exploiting this bug a remote attaker is able to go up again to user name and admin password
what they are found to the first position

..::[ Proof Of Concept ]::..

http://remote-server/data/members.txt

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus