ZH2003-12SA.txt

2003-07-24T00:00:00
ID PACKETSTORM:31437
Type packetstorm
Reporter Trash-80
Modified 2003-07-24T00:00:00

Description

                                        
                                            `ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta  
  
  
Published: 23/07/2003  
  
Released: 23/07/2003  
  
Name: PHP-Gästebuch (http://www.php-gaestebuch.de)  
  
Affected System(s): All versions (?)   
  
Severity: Medium/High  
  
Platform(s): Windows and Unix   
  
Original Advisory: http://www.zone-h.org/en/advisories/read/id=2764/  
  
Issue: Information disclosure enables attackers to take administrative control  
  
Author: Trash-80 - dpangalos@linuxmail.org  
  
  
Description  
  
************  
  
Zone-h Security Team has discovered a serious security flaw in PHP-Gästebuch Ver. 1.60 Beta and possibly in prior versions.  
PHP-Gästebuch is a guestbook system that except a few bugs has functions like flooding and webfilter protections ... ;)   
  
  
Details  
  
********  
  
1.guestbookdat contains admin's saved settings for PHP-Gästebuch. Is not protected and an attacker can retrieve serious information about the guestbook.  
  
ex: www.example.com/guestbook/guestbookdat  
  
2.pwd contains the admin's password which is encrypted by MD5 algorithm.  
  
ex1: www.example.com/guestbook/pwd   
  
ex2:md5 encrypted password: ee21d5f27a8401788147f6f6184ddb11  
md5 unencrypted password: roland  
  
An attacker using a md5 cracker like Cain & Abel (www.oxid.it), can crack the hash and use the decrypted password in order to login as PHP-Gästebuch's administrator.   
  
ex: www.example.com/guestbook/admin.php  
  
  
  
Solution  
  
*********  
  
Protect these two files: guestbookdat & pwd.  
  
The vendor has been contacted.  
  
  
Trash-80 - www.zone-h.org operator  
  
http://www.zone-h.org  
  
  
  
  
  
  
--   
______________________________________________  
http://www.linuxmail.org/  
Now with e-mail forwarding for only US$5.95/yr  
  
Powered by Outblaze  
`