Author: y3dips Date: November, 26th 2004 Location: Indonesia, Jakarta Web: http://echo.or.id/adv/adv09-y3dips-2004.txt
Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
paFileDB 3.1 ( PHP ARENA ) Written by Todd ( email@example.com ) web : http://www.phparena.net
If the site using sessions to handle the authentication in the site, Attacker could access the directory "sessions" and see the sessions in the same time when the admin log in to manage the site (which is include admin hash password)
----- snip from manual page -----
In order to reduce compatibility problems, paFileDB 3.0 Final can use either sessions or cookies. Cookies are recommended and enabled by default, because there's less compatibility issues and unlike sessions, cookies don't require any data to be stored on the server.
... To switch between sessions and cookies, open up pafiledb.php and look for the text:
$authmethod = "cookies"; OR : $authmethod = "sessions"; ...
Before you make the switch to sessions, make a directory called "sessions" in your paFileDB folder (same folder as pafiledb.php) and CHMOD the directory 777.
----- snip ------
admin (dudul) log in to manage the site at http://URL/pafiledb/pafiledb.php?action=admin ,then the session is recorded in sessions directory
attacker access the directory directly and see the "sessions" (in a same time)
then access the listing sessions file example : 'sess_12c9d926184e836451a15ed837bb875d'
which is contain
---- info that attacker get ----
user : dudul pass : 810f9f3fbad17446a22ed2e516a12c36 <-- MD5
A remote user can access the file directly to cause the system to display an error message that indicates the installation path. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.
read my artikel about path disclosure with Indonesian language at
Fatal error: Call to undefined function: adlocbar() in /var/www/html/pafiledb/includes/admin/admins.php on line 13
Fatal error: Call to undefined function: adlocbar() in /var/www/html/pafiledb/includes/admin/category.php on line 232
Warning: main(./includes/team/login.php): failed to open stream: No such file or directory in /var/www/html/pafiledb/includes/team.php on line 17
Warning: main(): Failed opening './includes/team/login.php' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/pafiledb/includes/team.php on line 17
FIX it :
For User and do not know how to fix the script , change php.ini file setting then turn on log_errors , and turn off display_error
All admin have same power, so every admin could delete another admin until there is no admin left , if all admin acount deleted, so all admin could not log in to manage the site
~ m0by, the_day, comex, z3r0byt3, K-159, c-a-s-e, S`to @T echo/staff ~ firstname.lastname@example.org , ~ #e-c-h-o & #aikmel @DALNET
y3dips || echo|staff || y3dips(at)echo(dot)or(dot)id Homepage: http://y3dips.echo.or.id/
-------------------------------- [ EOF ] ---------------------------------