================================================
<------------------------------------------------>
<------------#www.bright-shadows.net#------------>
<------------------------------------------------>
<--------------#theblacksheep&erik#-------------->
<------------------------------------------------>
================================================
Advisory Information
--------------------
Advisory Name : Information Disclosure Vulnerability in bitboard2
Author : Marc Bromm <theblacksheep@fastmail.fm> Germany
Discover by : Marc Bromm <theblacksheep@fastmail.fm> Germany
Release Date : 9. Juli 2003
Application : bitboard2 (textfile based board)
Vendor Homepage : http://www.bitshifters.bl.am
Vendor Status : notified
Vulnerable Versions: bitboard2 (maybe older)
Platforms : OS Independent, PHP
Severity : High
######Overview:
The bitboard2 is a board that need no database to work. So it is useful
for webmaster that have no access to a sql database.
######Exploit:
1. Get the admin passwort hash
The crypt hash of the admin password is stored in
"/admin/data_passwd.dat".
Everyone has access to it. So only get the hash and crackit with john.
The real problem is that many admins don't use secure passwort ;-)
######Vendor Response:
They told me that they are going to fix it in the next version.
Greetz to:
Erik, (O_o)oOoOoOo.
--
theblacksheep@fastmail.fm
--
http://www.fastmail.fm - The professional email service
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
