New Vulnerability found in Allmanage. This one gives access to the main admin panel where you can set a lot of options and variables. Websites using Allmanage Website Administration Software 2.6 with the upload ability contain an easily exploited vulnerability wich gives you full add/del/change access in the user-account directories and you can change the files in the main directory of the CGI script.
0e8435060a9e6771f7386b3732f06e361de8d7c64759e6a4602769a0519d780fAllmanage.pl Admin Password vulnerability (15 may 2000)
Another allmanage.pl vulnerability (see also allmanage.pl.txt)
Everybody can easily get the admin password from the allmanage directory. You are able to
set/change lots of variables, add accounts, mail users, backup, restore, edit header/footer code
etc..
It's really easy to get:
-Find were allmanage.pl is located and change allmanage.pl with K . For example:
allmanage/allmanage.pl will become allmanage/k . This file contains the admin password, not
encrypted.
-Go to allmanage_admin.pl instead of allmanage.pl and login. You can use admin as loginname.
-Now you're in the main admin panel.
N.B. loginname is not always admin, but in most of the cases it is.
I tried this on 8 sites using allmanage.pl. 6 of them were vulnerable.
Other interresting files to request:
adp : Admin information and encrypted password
userfile.dat : All user information they entered requesting their account. (N.B. not always there)
settings.cfg : Config file, you can get the same information out of the admin panel.
This may also work on the version without the upload ability.
Bighawk, bighawk@warfare.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed