
Stellar Docs Path Disclosure and Security Leak

ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security Leak


Published: 10 August 2003

Released: 10 August 2003

Name: Stellar Docs

Affected Systems: v1.2

Issue: Remote attackers can learn the filesystem path of the site and access the administrative section

Author: G00db0y@zone-h.org

Vendor: http://www.imediasoftware.com/products/stellardocs/index.php



Zone-h Security Team has discovered a flaw in Stellar Docs v1.2 (and possibly older versions). Stellar Docs is an "incredibly easy to use online documentation manager".




It is possible to send a malformed HTTP request to Stellar Docs and in doing so trigger a PHP error. The resulting error message discloses the installation path to the remote attacker.



By making such a request we receive this kind of error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result in /home/www/pathofstellardocs/_admin/cdb.php on line 20

Now we know where the admin directory is. So we can try to connect to the




We will have a login form where we insert these data:

user: admin      password: admin

We have seen that there is no page to change them, so these credentials can only be changed by modifying the source code of the administration pages.
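The two defects described above, shown in hardened form as an added example; this is not Stellar Docs code, and the mysqli driver, the `docs` table, the config path `/etc/stellardocs/config.php` and its keys are assumptions of the example.

```php
<?php
// Added example, not Stellar Docs code: a hardened version of the cdb.php pattern behind
// this advisory. (1) A failed query was handed straight to mysql_num_rows(), and the PHP
// warning printed the script's absolute path to the client. (2) The admin login was a
// fixed admin/admin pair in the page source, with no way to change it.
// Assumptions: mysqli, a table "docs" with column "id", and a config file outside the web root.

// Keep PHP warnings out of HTTP responses; log them on the server instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
mysqli_report(MYSQLI_REPORT_OFF);   // errors are checked by hand below, not thrown

$config = require '/etc/stellardocs/config.php';   // hypothetical path outside the web root

// Row count for one document id, or null on failure; nothing about the filesystem is returned.
function count_docs(mysqli $db, string $id): ?int
{
    $stmt = $db->prepare('SELECT id FROM docs WHERE id = ?');  // id is bound, not interpolated
    if ($stmt === false) {
        error_log('docs prepare failed: ' . $db->error);     // server log only
        return null;
    }
    $stmt->bind_param('s', $id);
    if (!$stmt->execute()) {
        error_log('docs query failed: ' . $stmt->error);
        return null;
    }
    $stmt->store_result();
    return $stmt->num_rows;
}

// Admin check against a hash kept in the config (made with password_hash()), so the
// password is rotated by editing the config file, not the administration pages.
function admin_login_ok(array $config, string $user, string $password): bool
{
    return hash_equals($config['admin_user'], $user)
        && password_verify($password, $config['admin_password_hash']);
}
$db = new mysqli($config['db_host'], $config['db_user'], $config['db_pass'], $config['db_name']);
if ($db->connect_error) {
    error_log('db connect failed: ' . $db->connect_error);
    http_response_code(500);
    exit('Internal error');   // generic text: no path, no driver message
}
$count = count_docs($db, $_GET['id'] ?? '');
if ($count === null) {
    http_response_code(500);
    exit('Internal error');
}
echo 'Documents found: ' . $count;
```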



The vendor has been contacted and a patch is not yet produced.



Filter all input in every file and change the administrator password by editing the administration pages.

G00db0y - www.zone-h.org admin

Original advisory here: http://www.zone-h.org/en/advisories/read/id=2864/
