Home page logo
/

bugtraq logo Bugtraq mailing list archives

TextPortal Default Password Vulnerability
From: "bugtracklist.fm" <bugtracklist () freemail hu>
Date: Sat, 24 May 2003 00:15:52 +0200

TextPortal Default Password Vulnerability

Advisory ID:                  B$H-2003:001
Advisory URL:               http://www.tar.hu/bsh/reports/bsh-2003-001.txt
Date:                              2003.05.22.
Original Advisory Date:   2003.05.10.
Discovery date:               2003.05.10.
Type:                              Vulnerability / Exploit
Product:                          TextPortal
Affected versions:            All (as of discovery date)
Fixed Version:                 None
Vendor notified:               2003.05.10.
Vendor response:             2003.05.16.
Product/vendor URL:       http://www.textportal.hu/

Author:                           B$H
Author info:                     bsh () tar hu / http://www.tar.hu/bsh/
Greetz to :                       Sigterm, Dodge Viper, Geo, DVHC

------------------------------------------------------
Product description:
------------------------------------------------------

TextPortal  is  a  text-based  PHP  portal  system  with  forum,  voitig,
user
registration,  etc. To  use this  portal system  you need  only php  on the
web
server.

------------------------------------------------------
Vulnerability:
------------------------------------------------------

The default admin  password is: admin.  The administrators change  this
always.
You can change the admin passord at admin-menu -> admin passwor menu item.
The
admin password is in admin_pass.php :

<?php
god1¤t.gEaVtS1Uh86
god1-tmp¤d.9qw2fVYDNh2god2¤ijv.8ZKH0lW8s
god2¤3JVqJsoQ4Dph2

What is  good2? Good  2 is  also an  administrator (editor). This  user
hasn't
got full controll, but you can change many things:

- Voting
- Articles
- Downloads
- Links
- Gallery
- Forum
- Visitor's Book
- Statistics

The portal use the  crypt php function to  the passwords. So you  can crack
this
password with any  UNIX password cracker.   The result: 3JVqJsoQ4Dph2:12345.
;)
The passwor is:  12345. Many people  don't know this  and they don't  change
the
password.

------------------------------------------------------
Exsploit:
------------------------------------------------------

http://[target]/admin.php
Target 12345 and Enter. ;)

-----------------------------------------------------
Solution:
------------------------------------------------------

Chenge  the  editor password:  admin  menu >  admin  password >  change
editor
password. Or write  the crypted password  to the admin_pass.php  after the
part:
"god2¤".

B$H
bsh () tar hu
www.tar.hu/bsh

2003.05.22.


  By Date           By Thread  

Current thread:
  • TextPortal Default Password Vulnerability bugtracklist.fm (May 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]