TextPortal Default Password Vulnerability

Advisory ID:            B$H-2003:001
Advisory URL:           http://www.tar.hu/bsh/reports/bsh-2003-001.txt
Date:                   2003.05.22.
Original Advisory Date: 2003.05.10.
Discovery date:         2003.05.10.
Type:                   Vulnerability / Exploit
Product:                TextPortal
Affected versions:      All (as of discovery date)
Fixed Version:          None
Vendor notified:        2003.05.10.
Vendor response:        2003.05.16.
Product/vendor URL:     http://www.textportal.hu/
Author:                 B$H
Author info:            bsh@tar.hu / http://www.tar.hu/bsh/
Greetz to:              Sigterm, Dodge Viper, Geo, DVHC

------------------------------------------------------
Product description:
------------------------------------------------------

TextPortal is a text-based PHP portal system with forum, voting, user registration, etc. To use this portal system you need only PHP on the web server.

------------------------------------------------------
Vulnerability:
------------------------------------------------------

The default admin password is: admin. Administrators always change this. You can change the admin password at the admin menu -> admin password menu item.

The admin password is in admin_pass.php:

<?php
god1¤t.gEaVtS1Uh86
god1-tmp¤d.9qw2fVYDNh2
god2¤ijv.8ZKH0lW8s
god2¤3JVqJsoQ4Dph2

What is god2? god2 is also an administrator (editor). This user hasn't got full control, but can change many things:

- Voting
- Articles
- Downloads
- Links
- Gallery
- Forum
- Visitor's Book
- Statistics

The portal uses the PHP crypt function for the passwords, so you can crack this password with any UNIX password cracker. The result: 3JVqJsoQ4Dph2:12345. ;)

The password is: 12345. Many people don't know this and they don't change the password.

------------------------------------------------------
Exploit:
------------------------------------------------------

http://[target]/admin.php

Target 12345 and Enter. ;)

------------------------------------------------------
Solution:
------------------------------------------------------

Change the editor password: admin menu > admin password > change editor password. Or write the crypted password to admin_pass.php after the part: "god2¤".

B$H
bsh@tar.hu
www.tar.hu/bsh
2003.05.22.
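
A defender-side check for the condition described above, added here as an example (it is not part of the original advisory or of TextPortal): it parses an admin_pass.php and reports any account still carrying the default editor hash. The "name¤hash" layout and the hash value are taken from the advisory; one entry per line, the function names and the sample file contents are assumptions.

```python
import re
import sys

# Default editor (god2) hash quoted in the advisory; it is crypt() of "12345".
DEFAULT_EDITOR_HASH = b"3JVqJsoQ4Dph2"
# "¤" as stored in UTF-8 and in Latin-1/Latin-2 files (UTF-8 is tried first).
SEPARATORS = (b"\xc2\xa4", b"\xa4")
# Traditional DES crypt() output: 2 salt characters + 11 hash characters.
DES_CRYPT = re.compile(rb"^[./0-9A-Za-z]{13}$")

def parse_entries(raw):
    """Yield (account, hash) pairs from the raw bytes of admin_pass.php."""
    for line in raw.splitlines():
        line = line.strip()
        for sep in SEPARATORS:
            if sep in line:
                name, _, value = line.partition(sep)
                yield name.decode("ascii", "replace"), value.strip()
                break  # lines without a separator (e.g. "<?php") are skipped

def audit(raw):
    """Return (account, finding) tuples for entries that need attention."""
    findings = []
    for name, value in parse_entries(raw):
        if value == DEFAULT_EDITOR_HASH:
            findings.append((name, "default editor password still set"))
        elif not DES_CRYPT.match(value):
            findings.append((name, "not a 13-character crypt() hash"))
    # Limit: a byte comparison only catches the shipped hash. The same
    # password re-entered under a different salt yields a different string.
    return findings

# Constructed sample: god1 holds a placeholder, god2 the hash from the advisory.
SAMPLE = b"<?php\ngod1\xa4aaPLACEHOLDER\ngod2\xa43JVqJsoQ4Dph2\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for account, finding in audit(data):
        print(f"{account}: {finding}")
```

Run it with the path to admin_pass.php as the only argument; without an argument it audits the constructed sample.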