SimpleBBS 1.0.6 Default Permissions Vuln

From: flur (flur@flurnet.org)
Date: 03/07/03

    Date: Fri, 07 Mar 2003 16:39:54 -0500
    To: bugtraq Security List <bugtraq@securityfocus.com>
    From: flur <flur@flurnet.org>

    SimpleBBS 1.0.6 Security Problem:

    User database stored in a PHP file that's readable by anyone:
    http://www.tareget.com/simplebbs/users/users.php

    Passwords are md5'ed, but user data is not.

    The vendor was notified and has released updates.

    ____________________ __ _
    ~FluRDoInG flur@flurnet.org
                                 http://www.flurnet.org
    KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048
    1876 B762 F909 91EB 0C02 C06B 83FF E6C5 8C2C 37C4
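As an added example (not SimpleBBS code and not from the poster), a flat-file user store that addresses the two findings in the post: the file lives outside the web root and is inert if PHP ever serves it, and passwords use a salted, slow hash instead of bare md5. The directory layout and field names are assumptions.

```php
<?php
// Added example, not SimpleBBS code: a flat-file user store hardened against
// the two problems in the advisory. Paths and field names are assumptions.

// Assumption: the web root is <project>/public and this file lives in
// <project>/lib, so the store ends up in <project>/private, which the web
// server never serves.
define('USER_DB', dirname(__DIR__) . '/private/users.php');

function save_users(array $users): void
{
    // Second layer of defence: if the file is ever copied under the web root
    // and requested over HTTP, PHP runs the guard and exits before the data.
    $guard   = "<?php exit; ?>\n";
    $payload = $guard . json_encode($users, JSON_PRETTY_PRINT) . "\n";

    if (!is_dir(dirname(USER_DB))) {
        mkdir(dirname(USER_DB), 0700, true);
    }
    file_put_contents(USER_DB, $payload, LOCK_EX);
    chmod(USER_DB, 0600); // readable only by the account the web server runs as
}

function load_users(): array
{
    if (!is_readable(USER_DB)) {
        return [];
    }
    $raw   = file_get_contents(USER_DB);
    $json  = substr($raw, strpos($raw, "\n") + 1); // drop the guard line
    $users = json_decode($json, true);
    return is_array($users) ? $users : [];
}

function add_user(string $name, string $password): void
{
    $users = load_users();
    // Salted, slow hash instead of the advisory's unsalted md5: an exposed
    // copy of the file no longer yields passwords by dictionary lookup.
    $users[$name] = ['hash' => password_hash($password, PASSWORD_DEFAULT)];
    save_users($users);
}

function check_login(string $name, string $password): bool
{
    $users = load_users();
    return isset($users[$name])
        && password_verify($password, $users[$name]['hash']);
}
```

The guard line only protects against the server executing the file as PHP; moving the store out of the document root is the fix that also covers a server that serves .php files as plain text.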

