iBill Management Script Weak Hard-Coded Password Vulnerability

info
discussion
exploit
solution
references

iBill Management Script Weak Hard-Coded Password Vulnerability

iBill is an Internet billing company that provides secure payment processing for e-commerce.

A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default password is the client's MASTER_ACCOUNT name plus two lower case letters. The MASTER_ACCOUNT name can be determined by viewing the HTML source of the site's sign-up pages.