Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15864
HistoryJan 25, 2007 - 12:00 a.m.

[x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability

2007-01-2500:00:00
vulners.com
60

-=[--------------------ADVISORY-------------------]=-

                    Siteman 2.0.x2   

Author: CorryL [[email protected]]
-=[-----------------------------------------------]=-

-=[+] Application: Siteman 2.0.x2
-=[+] Version: 2.0.x2
-=[+] Vendor's URL: http://home.no.net/siteman/
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Remote Md5 Hash Disclosure Vulnerability
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck

…::[ Descriprion ]::…

This is the home of the Siteman project,
a content management system using the flat-file database system txtSQL for data storage.

…::[ Bug ]::…

exploiting this bug a remote attaker is able' to go up again to user name and admin password
what they are found to the first position

…::[ Proof Of Concept ]::…

http://remote-server/db/siteman/users.MYD