[14911] in bugtraq
Allmanage.pl Vulnerabilities
daemon@ATHENA.MIT.EDU (bighawk)
Tue May 16 03:05:01 2000
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="-----------------------------7d0aa252b8"
Message-Id: <20000516051341.5685.qmail@callisto.nitronet.net>
Date: Tue, 16 May 2000 05:13:41 -0000
Reply-To: bighawk <bighawk@WARFARE.COM>
From: bighawk <bighawk@WARFARE.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
-------------------------------7d0aa252b8
Content-type: text/plain
I discovered 2 serious vulnerabilities in allmanage.pl, website administration software.
Details included in the text files.
Bighawk
-------------------------------7d0aa252b8
Content-type: text/plain;
name="allmanage.pl.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="allmanage.pl.txt"
-------------------------------7d0aa252b8
Content-type: text/plain;
name="allmanage.pl-admin.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="allmanage.pl-admin.txt"
-------------------------------7d0aa252b8--