[30678] in bugtraq
Information Disclosure Vulnerability in bitboard2
daemon@ATHENA.MIT.EDU (Marc Bromm)
Wed Jul 9 16:09:27 2003
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="ISO-8859-1"
MIME-Version: 1.0
From: "Marc Bromm" <theblacksheep@fastmail.fm>
To: bugtraq@securityfocus.com
Date: Wed, 09 Jul 2003 01:22:56 -0800
Message-Id: <20030709092256.277B638D1A@www.fastmail.fm>
================================================
<------------------------------------------------>
<------------#www.bright-shadows.net#------------>
<------------------------------------------------>
<--------------#theblacksheep&erik#-------------->
<------------------------------------------------>
================================================
Advisory Information
--------------------
Advisory Name : Information Disclosure Vulnerability in bitboard2
Author : Marc Bromm <theblacksheep@fastmail.fm> Germany
Discover by : Marc Bromm <theblacksheep@fastmail.fm> Germany
Release Date : 9. Juli 2003
Application : bitboard2 (textfile based board)
Vendor Homepage : http://www.bitshifters.bl.am
Vendor Status : notified
Vulnerable Versions: bitboard2 (maybe older)
Platforms : OS Independent, PHP
Severity : High
######Overview:
The bitboard2 is a board that need no database to work. So it is useful
for webmaster that have no access to a sql database.
######Exploit:
1. Get the admin passwort hash
The crypt hash of the admin password is stored in
"/admin/data_passwd.dat".
Everyone has access to it. So only get the hash and crackit with john.
The real problem is that many admins don't use secure passwort ;-)
######Vendor Response:
They told me that they are going to fix it in the next version.
Greetz to:
Erik, (O_o)oOoOoOo.
--
theblacksheep@fastmail.fm
--
http://www.fastmail.fm - The professional email service
