Advisory Information
--------------------
Advisory Name : Information Disclosure Vulnerability in bitboard2
Author : Marc Bromm <theblacksheep (at) fastmail (dot) fm [email concealed]> Germany
Discover by : Marc Bromm <theblacksheep (at) fastmail (dot) fm [email concealed]> Germany
Release Date : 9. Juli 2003
Application : bitboard2 (textfile based board)
Vendor Homepage : http://www.bitshifters.bl.am
Vendor Status : notified
Vulnerable Versions: bitboard2 (maybe older)
Platforms : OS Independent, PHP
Severity : High
######Overview:
The bitboard2 is a board that need no database to work. So it is useful
for webmaster that have no access to a sql database.
######Exploit:
1. Get the admin passwort hash
The crypt hash of the admin password is stored in
"/admin/data_passwd.dat".
Everyone has access to it. So only get the hash and crackit with john.
The real problem is that many admins don't use secure passwort ;-)
######Vendor Response:
They told me that they are going to fix it in the next version.
Greetz to:
Erik, (O_o)oOoOoOo.
--
theblacksheep (at) fastmail (dot) fm [email concealed]
--
http://www.fastmail.fm - The professional email service
<------------------------------------------------>
<------------#www.bright-shadows.net#------------>
<------------------------------------------------>
<--------------#theblacksheep&erik#-------------->
<------------------------------------------------>
================================================
Advisory Information
--------------------
Advisory Name : Information Disclosure Vulnerability in bitboard2
Author : Marc Bromm <theblacksheep (at) fastmail (dot) fm [email concealed]> Germany
Discover by : Marc Bromm <theblacksheep (at) fastmail (dot) fm [email concealed]> Germany
Release Date : 9. Juli 2003
Application : bitboard2 (textfile based board)
Vendor Homepage : http://www.bitshifters.bl.am
Vendor Status : notified
Vulnerable Versions: bitboard2 (maybe older)
Platforms : OS Independent, PHP
Severity : High
######Overview:
The bitboard2 is a board that need no database to work. So it is useful
for webmaster that have no access to a sql database.
######Exploit:
1. Get the admin passwort hash
The crypt hash of the admin password is stored in
"/admin/data_passwd.dat".
Everyone has access to it. So only get the hash and crackit with john.
The real problem is that many admins don't use secure passwort ;-)
######Vendor Response:
They told me that they are going to fix it in the next version.
Greetz to:
Erik, (O_o)oOoOoOo.
--
theblacksheep (at) fastmail (dot) fm [email concealed]
--
http://www.fastmail.fm - The professional email service
[ reply ]