PaintBBS Insecure Default Permissions Vulnerability
PaintBBS is a collection of CGI scripts and a Java applet that together function as a web-based bulletin board system. The applet acts as a drawing program and allows users to upload pictures to the BBS. PaintBBS is a Japanese product. Some versions of PaintBBS have been reported to suffer from a weak default configuration. Under the default installation, the configuration file and the cgi-bin directory are world readable. Any remote user may request the directory contents or the contents of the configuration file. Among the information disclosed is the encrypted value of the administration password. Later versions of PaintBBS may share this configuration.
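An administrator can check an installation for the permission state described above. The following is an added example, not part of the original advisory or of PaintBBS: it walks a directory tree, reports every directory and file whose world-read bit is set, and can clear the world permission bits on those entries. The file names `board.cgi` and `config.dat` and the sample tree are constructed placeholders, not PaintBBS's real file names.

```python
import os
import stat
import tempfile

def audit_world_readable(root):
    """Return sorted (relative_path, kind, octal_mode) for every entry under
    root whose 'other' read bit is set (symlinks are skipped)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode) or not mode & stat.S_IROTH:
                continue
            kind = "directory" if stat.S_ISDIR(mode) else "file"
            findings.append((os.path.relpath(path, root), kind,
                             oct(stat.S_IMODE(mode))))
    return sorted(findings)

def tighten(root, findings):
    """Clear all 'other' permission bits on the flagged entries."""
    for rel, _kind, _mode in findings:
        path = os.path.join(root, rel)
        os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~stat.S_IRWXO)

def build_sample_tree():
    """Constructed sample: a cgi-bin with a script and a world-readable
    configuration file (hypothetical names)."""
    root = tempfile.mkdtemp(prefix="cgi-audit-")  # mkdtemp creates it 0o700
    cgi = os.path.join(root, "cgi-bin")
    os.mkdir(cgi)
    for name, mode in (("board.cgi", 0o750), ("config.dat", 0o644)):
        path = os.path.join(cgi, name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.chmod(cgi, 0o755)  # world-readable directory: contents can be listed
    return root

if __name__ == "__main__":
    tree = build_sample_tree()
    for rel, kind, mode in audit_world_readable(tree):
        print(f"world-readable {kind}: {rel} ({mode})")
    tighten(tree, audit_world_readable(tree))
    print("remaining findings:", audit_world_readable(tree))
```

Clearing the world bits assumes the web server reaches the scripts through owner or group permissions; where it does not, the configuration file and directory listing also have to be denied in the web server's own configuration.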