ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security Leak
From: G00db0y <G00db0y () zone-h org>
Date: 10 Aug 2003 16:14:49 -0000
ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security
Published: 10 August 2003
Released: 10 August 2003
Name: Stellar Docs
Affected Systems: v1.2
Issue: Remote attackers can learn the path of the site and access the
Author: G00db0y () zone-h org
Zone-h Security Team has discovered a flaw in Stellar Docs v1.2 (and older
versions?). Stellar Docs is an "incredibly easy to use online
It's possible to make a malformed HTTP request in Stellar Docs and in
trigger an error. The resulting error message will disclose potentially
installation path information to the remote attacker.
Making this request returns this kind of error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
in /home/www/pathofstellardocs/_admin/cdb.php on line 20
Now we know where the admin directory is, so we can try to connect to the
We are shown a login form, where we enter this data:
user: admin password: admin
We have seen that there is no page to change them, so only by modifying the
of the administration pages can we change this data.
The vendor has been contacted and a patch is not yet produced.
Filter all files and change the administrator password by editing the administrator's pages.
G00db0y - www.zone-h.org admin
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2864/
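
A defender-side check for the path disclosure described above, as an added example that is not part of the original advisory: it scans response bodies from your own site for PHP error text that leaks a filesystem path. The function names and sample bodies are constructed for illustration; the first sample reuses the error text quoted in the advisory.

```python
import html
import re

# PHP's default error format is "<Level>: <message> in <file> on line <N>".
# With html_errors enabled, the level, file and line are wrapped in <b> tags,
# so tags are stripped before matching.
_TAGS = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<message>.{1,300}?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:\\)\S+)\s+on\s+line\s+(?P<line>\d+)",
    re.DOTALL,
)

def find_path_disclosures(body):
    """Return one dict per PHP error in `body` that exposes a server path."""
    text = html.unescape(_TAGS.sub("", body))
    findings = []
    for m in _PHP_ERROR.finditer(text):
        findings.append({
            "level": m.group("level"),
            # Collapse line wraps inside the message to single spaces.
            "message": " ".join(m.group("message").split()),
            "path": m.group("path"),
            "line": int(m.group("line")),
        })
    return findings

def audit(pages):
    """Map each URL in `pages` (url -> body) to the paths its body leaks."""
    report = {}
    for url, body in pages.items():
        paths = sorted({f["path"] for f in find_path_disclosures(body)})
        if paths:
            report[url] = paths
    return report

# Constructed samples: the advisory's plain-text error, an HTML-formatted
# variant with a placeholder path, and a clean page.
SAMPLE_PLAIN = ("Warning: mysql_num_rows(): supplied argument is not a valid "
                "MySQL result\nin /home/www/pathofstellardocs/_admin/cdb.php "
                "on line 20")
SAMPLE_HTML = ("<br />\n<b>Warning</b>:  mysql_num_rows(): supplied argument "
               "is not a valid MySQL result in "
               "<b>/var/www/example/_admin/cdb.php</b> on line <b>20</b><br />")
SAMPLE_CLEAN = "<html><body><h1>Login</h1></body></html>"

if __name__ == "__main__":
    print(audit({"/plain": SAMPLE_PLAIN, "/html": SAMPLE_HTML,
                 "/clean": SAMPLE_CLEAN}))
```

Any hit means error output is reaching clients; in PHP this is controlled by the `display_errors` setting, with `log_errors` keeping the message available server-side.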