BugTraq
Back to list
|
Post reply
ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta
Jul 24 2003 01:15AM
Jim Pangalos (dpangalos linuxmail org)
ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta
Published: 23/07/2003
Released: 23/07/2003
Name: PHP-Gästebuch (http://www.php-gaestebuch.de)
Affected System(s): All versions (?)
Severity: Medium/High
Platform(s): Windows and Unix
Issue: Information disclosure enables attackers to take administrative
control
Author: Trash-80 - dpangalos (at) linuxmail (dot) org [email concealed]
Description
************
Zone-h Security Team has discovered a serious security flaw in PHP-
Gästebuch Ver. 1.60 Beta and possibly in prior versions.
PHP-Gästebuch is a guestbook system that except a few bugs has functions
like flooding and webfilter protections ... ;)
Details
********
1.guestbookdat contains admin's saved settings for PHP-Gästebuch. Is not
protected and an attacker can retrieve serious information about the
guestbook.
ex: www.example.com/guestbook/guestbookdat
2.pwd contains the admin's password which is encrypted by MD5 algorithm.
ex1: www.example.com/guestbook/pwd
ex2:md5 encrypted password: ee21d5f27a8401788147f6f6184ddb11
md5 unencrypted password: roland
An attacker using a md5 cracker like Cain & Abel (www.oxid.it), can crack
the hash and use the decrypted password in order to login as PHP-
Gästebuch's administrator.
ex: www.example.com/guestbook/admin.php
Solution
*********
Protect these two files: guestbookdat & pwd.
The vendor has been contacted.
Trash-80 - www.zone-h.org operator
http://www.zone-h.org
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta
Published: 23/07/2003
Released: 23/07/2003
Name: PHP-Gästebuch (http://www.php-gaestebuch.de)
Affected System(s): All versions (?)
Severity: Medium/High
Platform(s): Windows and Unix
Issue: Information disclosure enables attackers to take administrative
control
Author: Trash-80 - dpangalos (at) linuxmail (dot) org [email concealed]
Description
************
Zone-h Security Team has discovered a serious security flaw in PHP-
Gästebuch Ver. 1.60 Beta and possibly in prior versions.
PHP-Gästebuch is a guestbook system that except a few bugs has functions
like flooding and webfilter protections ... ;)
Details
********
1.guestbookdat contains admin's saved settings for PHP-Gästebuch. Is not
protected and an attacker can retrieve serious information about the
guestbook.
ex: www.example.com/guestbook/guestbookdat
2.pwd contains the admin's password which is encrypted by MD5 algorithm.
ex1: www.example.com/guestbook/pwd
ex2:md5 encrypted password: ee21d5f27a8401788147f6f6184ddb11
md5 unencrypted password: roland
An attacker using a md5 cracker like Cain & Abel (www.oxid.it), can crack
the hash and use the decrypted password in order to login as PHP-
Gästebuch's administrator.
ex: www.example.com/guestbook/admin.php
Solution
*********
Protect these two files: guestbookdat & pwd.
The vendor has been contacted.
Trash-80 - www.zone-h.org operator
http://www.zone-h.org
[ reply ]