ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta





Published: 23/07/2003



Released: 23/07/2003



Name: PHP-Gästebuch (http://www.php-gaestebuch.de)



Affected System(s): All versions (?) 



Severity: Medium/High



Platform(s): Windows and Unix 



Issue: Information disclosure enables attackers to take administrative 

control



Author: Trash-80 - dpangalos@linuxmail.org





Description



************



Zone-h Security Team has discovered a serious security flaw in PHP-

Gästebuch Ver. 1.60 Beta and possibly in prior versions.

PHP-Gästebuch is a guestbook system that except a few bugs has functions 

like flooding and webfilter protections ... ;) 





Details



********



1.guestbookdat contains admin's saved settings for PHP-Gästebuch. Is not 

protected and an attacker can retrieve serious information about the 

guestbook.



  ex: www.example.com/guestbook/guestbookdat



2.pwd contains the admin's password which is encrypted by MD5 algorithm.



  ex1: www.example.com/guestbook/pwd  



  ex2:md5 encrypted password: ee21d5f27a8401788147f6f6184ddb11

      md5 unencrypted password: roland

                                                 

An attacker using a md5 cracker like Cain & Abel (www.oxid.it), can crack 

the hash and use the decrypted password in order to login as PHP-

Gästebuch's administrator. 



  ex: www.example.com/guestbook/admin.php







Solution



*********



Protect these two files: guestbookdat & pwd.



The vendor has been contacted.





Trash-80 - www.zone-h.org operator



http://www.zone-h.org