
Bugtraq mailing list archives

ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security Leak
From: G00db0y <G00db0y () zone-h org>
Date: 10 Aug 2003 16:14:49 -0000

ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security 

Published: 10 August 2003

Released: 10 August 2003

Name: Stellar Docs

Affected Systems: v1.2

Issue: Remote attackers can learn the path of the site and access the administrative section

Author: G00db0y () zone-h org

Vendor: http://www.imediasoftware.com/products/stellardocs/index.php



Zone-h Security Team has discovered a flaw in Stellar Docs v1.2 (and older versions?). Stellar Docs is an "incredibly easy to use online documentation manager".


It's possible to make a malformed HTTP request to Stellar Docs and in doing so trigger an error. The resulting error message will potentially disclose installation path information to the remote attacker.



By doing this request we will receive this kind of error: 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result 
 in /home/www/pathofstellardocs/_admin/cdb.php on line 20

Now we know where the admin directory is. So we can try to connect to the 


We will have a login form where we will insert these data:

user: admin      password: admin

We have seen that there is no page to change them, so these data can be changed only by modifying the source code of the administration pages.



The vendor has been contacted and a patch has not yet been produced.



Filter all files and change the administrator password by editing the administration pages.

G00db0y - www.zone-h.org admin

Original advisory here: http://www.zone-h.org/en/advisories/read/id=2864/
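
A defensive check for the path disclosure described above, as an added example that is not part of the original advisory: it scans an HTTP response body from your own site for PHP error messages that expose an absolute server path. The function name and the sample body are constructed; the sample reuses the error text and path printed in the advisory.

```python
import re
from html import unescape

# Constructed sample: the advisory's warning as PHP renders it in HTML
# when display_errors is on.
SAMPLE_BODY = (
    "<br />\n<b>Warning</b>:  mysql_num_rows(): supplied argument is not a "
    "valid MySQL result in "
    "<b>/home/www/pathofstellardocs/_admin/cdb.php</b> on line <b>20</b><br />"
)

TAGS = re.compile(r"<[^>]+>")
# "<level>: <message> in <absolute path> on line <n>" (Unix or Windows path).
# Paths containing spaces are not matched by this pattern.
PHP_ERROR = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error)\s*:\s*"
    r"(?P<message>.+?)\s+in\s+(?P<file>(?:/|[A-Za-z]:\\)\S+?)"
    r"\s+on\s+line\s+(?P<line>\d+)"
)


def find_path_leaks(body):
    """Return one record per PHP error in `body` that exposes a server path."""
    # Drop markup and collapse whitespace so bolded or wrapped errors match.
    text = re.sub(r"\s+", " ", unescape(TAGS.sub(" ", body)))
    leaks = []
    for m in PHP_ERROR.finditer(text):
        path = m.group("file")
        sep = "\\" if "\\" in path else "/"
        directory, _, script = path.rpartition(sep)
        func = re.match(r"(\w+)\(\)", m.group("message"))
        leaks.append({
            "level": m.group("level"),
            "function": func.group(1) if func else None,
            "file": path,
            "directory": directory,
            "script": script,
            "line": int(m.group("line")),
        })
    return leaks


if __name__ == "__main__":
    for leak in find_path_leaks(SAMPLE_BODY):
        print("{level} in {function}() leaks {directory} "
              "({script}:{line})".format(**leak))
```

If this reports anything on a production site, set `display_errors` to `Off` and `log_errors` to `On` in php.ini so the message goes to the server log instead of the response.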
