================================================ <------------------------------------------------> <------------#www.bright-shadows.net#------------> <------------------------------------------------> <--------------#theblacksheep&erik#--------------> <------------------------------------------------> ================================================ Advisory Information -------------------- Advisory Name : Information Disclosure Vulnerability in bitboard2 Author : Marc Bromm <theblacksheep@fastmail.fm> Germany Discover by : Marc Bromm <theblacksheep@fastmail.fm> Germany Release Date : 9. Juli 2003 Application : bitboard2 (textfile based board) Vendor Homepage : http://www.bitshifters.bl.am Vendor Status : notified Vulnerable Versions: bitboard2 (maybe older) Platforms : OS Independent, PHP Severity : High ######Overview: The bitboard2 is a board that need no database to work. So it is useful for webmaster that have no access to a sql database. ######Exploit: 1. Get the admin passwort hash The crypt hash of the admin password is stored in "/admin/data_passwd.dat". Everyone has access to it. So only get the hash and crackit with john. The real problem is that many admins don't use secure passwort ;-) ######Vendor Response: They told me that they are going to fix it in the next version. Greetz to: Erik, (O_o)oOoOoOo. -- theblacksheep@fastmail.fm -- http://www.fastmail.fm - The professional email service
