[x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability

2007-01-25T00:00:00
ID SECURITYVULNS:DOC:15864
Type securityvulns
Reporter Securityvulns
Modified 2007-01-25T00:00:00

Description

-=[--------------------ADVISORY-------------------]=-

                    Siteman 2.0.x2

Author: CorryL [corryl80@gmail.com]
-=[-----------------------------------------------]=-

-=[+] Application: Siteman 2.0.x2
-=[+] Version: 2.0.x2
-=[+] Vendor's URL: http://home.no.net/siteman/
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Remote Md5 Hash Disclosure Vulnerability
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck

..::[ Description ]::..

This is the home of the Siteman project, a content management system using the flat-file database system txtSQL for data storage.

..::[ Bug ]::..

By exploiting this bug, a remote attacker is able to recover the user name and admin password, which are found in the first position.

..::[ Proof Of Concept ]::..

http://remote-server/db/siteman/users.MYD
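
Added example, not part of the original advisory: a log check that flags requests for data files under the db/ directory shown in the proof of concept and reports whether the web server served or refused them. It assumes Apache-style common/combined access logs; the path pattern is generalized from the one URL above, and the function names and sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Path shape taken from the advisory's proof of concept: /db/<database>/<table>.MYD
DATA_FILE_RE = re.compile(r'/db/[^/]+/[^/]+\.myd$', re.IGNORECASE)


def normalize(target):
    """Drop query string and fragment, percent-decode once, collapse '//' and '/./'."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return posixpath.normpath(unquote(path))


def scan(log_text):
    """Return (host, path, verdict) for every request that names a data file."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        if not DATA_FILE_RE.search(path):
            continue
        status = m["status"]
        # 2xx means the file was served; 304 means the client already holds a copy.
        served = status.startswith("2") or status == "304"
        findings.append((m["host"], path, "disclosed" if served else "blocked"))
    return findings


# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Jan/2007:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [25/Jan/2007:10:02:13 +0000] "GET /db/siteman/users.MYD HTTP/1.1" 200 412
198.51.100.7 - - [25/Jan/2007:10:02:15 +0000] "GET /db/siteman/users%2EMYD?x=1 HTTP/1.1" 403 199
203.0.113.5 - - [25/Jan/2007:10:05:40 +0000] "GET /cms//db/siteman/./users.myd HTTP/1.0" 206 100
"""

if __name__ == "__main__":
    for host, path, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:9} {host:15} {path}")
```

A "disclosed" result means the stored credentials should be treated as exposed and reset, and the db/ directory should be denied to web clients or moved outside the document root.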