Information Disclosure Vulnerability in bitboard2

2003-07-10T00:00:00
ID SECURITYVULNS:DOC:4807
Type securityvulns
Reporter Securityvulns
Modified 2003-07-10T00:00:00

Description

================================================ <------------------------------------------------> <------------#www.bright-shadows.net#------------> <------------------------------------------------> <--------------#theblacksheep&erik#--------------> <------------------------------------------------> ================================================

Advisory Information

Advisory Name : Information Disclosure Vulnerability in bitboard2 Author : Marc Bromm <theblacksheep@fastmail.fm> Germany Discover by : Marc Bromm <theblacksheep@fastmail.fm> Germany Release Date : 9. Juli 2003 Application : bitboard2 (textfile based board) Vendor Homepage : http://www.bitshifters.bl.am Vendor Status : notified Vulnerable Versions: bitboard2 (maybe older) Platforms : OS Independent, PHP Severity : High

Overview:

The bitboard2 is a board that need no database to work. So it is useful for webmaster that have no access to a sql database.

Exploit:
  1. Get the admin passwort hash

The crypt hash of the admin password is stored in "/admin/data_passwd.dat". Everyone has access to it. So only get the hash and crackit with john.

The real problem is that many admins don't use secure passwort ;-)

Vendor Response:

They told me that they are going to fix it in the next version.

Greetz to:

Erik, (O_o)oOoOoOo.

theblacksheep@fastmail.fm

-- http://www.fastmail.fm - The professional email service