siteman1111-disclose.txt

2007-01-27T00:00:00
ID PACKETSTORM:54017
Type packetstorm
Reporter CorryL
Modified 2007-01-27T00:00:00

Description

                                        
                                            `-=[--------------------ADVISORY-------------------]=-  
  
Siteman 1.1.11   
  
Author: CorryL [corryl80@gmail.com]   
-=[-----------------------------------------------]=-  
  
  
-=[+] Application: Siteman   
-=[+] Version: 1.1.11  
-=[+] Vendor's URL: http://home.no.net/siteman/  
-=[+] Platform: Windows\Linux\Unix  
-=[+] Bug type: Remote Md5 Hash Disclosure Vulnerability  
-=[+] Exploitation: Remote  
-=[-]  
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~  
-=[+] Reference: www.x0n3-h4ck.org  
-=[+] Virtual Office: http://www.kasamba.com/CorryL  
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck   
  
  
..::[ Descriprion ]::..  
  
This is the home of the Siteman project,   
a content management system using the flat-file database system txtSQL for data storage.   
  
  
..::[ Bug ]::..  
  
exploiting this bug a remote attaker is able to go up again to user name and admin password  
what they are found to the first position  
  
  
..::[ Proof Of Concept ]::..  
  
http://remote-server/data/members.txt  
  
`