SecurityTracker.com
SecurityTracker Archives
Category:   Application (Generic)  >   paFileDB
Vendors:   PHP Arena
paFileDB Lets Remote Users Access Hashed Passwords and Determine the Installation Path
SecurityTracker Alert ID:  1012421
SecurityTracker URL:  http://securitytracker.com/id/1012421
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 3 2004
Impact:   Disclosure of authentication information, Disclosure of system information
Exploit Included:  Yes
Version(s): 3.1
Description:   Some vulnerabilities were reported in paFileDB. A remote user may be able to view the administrator's hashed password. A remote user can determine the installation path.

y3dips reported that if the 'sessions' authentication method is used, a remote user can access the web-readable sessions directory and, if the administrator is logged in, view the administrator's hashed password stored in the session file.

A demonstration exploit URL is provided:

http://[target]/pafiledb/sessions/[sessionfile]

It is also reported that a remote user can request the following include files directly, which triggers a PHP error message that discloses the installation path:

http://[target]/pafiledb/includes/admin/admins.php
http://[target]/pafiledb/includes/admin/category.php
http://[target]/pafiledb/includes/team.php

It is also reported that an administrative user can delete all admin accounts.

The original advisory is available at:

http://echo.or.id/adv/adv09-y3dips-2004.txt

Impact:   A remote user may be able to view the administrator's hashed password if 'sessions' authentication is used.

A remote user can determine the installation path.

A remote authenticated administrator can delete all administrative accounts.
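As an added detection aid that is not part of this alert or of paFileDB itself, the following script scans Apache/nginx combined-format access log lines for the two disclosure paths described above: direct requests into the sessions directory and direct requests to the three include files. The "/pafiledb" base path, the log lines and the session file name are constructed assumptions; adjust them to the real installation.

```python
import re
from typing import List, Dict, Optional

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths named in the advisory; the "/pafiledb" prefix is an assumed install location.
SESSIONS_DIR = "/pafiledb/sessions/"
INCLUDE_FILES = {
    "/pafiledb/includes/admin/admins.php",
    "/pafiledb/includes/admin/category.php",
    "/pafiledb/includes/team.php",
}


def classify(path: str) -> Optional[str]:
    """Label a request path, or return None if it is not one of the advisory's paths."""
    path = path.split("?", 1)[0]  # drop the query string before comparing
    if path.startswith(SESSIONS_DIR):
        return "session-file-access"
    if path in INCLUDE_FILES:
        return "direct-include-access"
    return None


def scan(lines: List[str]) -> List[Dict]:
    """Return one finding per log line that touches a sessions or include path."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        label = classify(m["path"])
        if label is None:
            continue
        status = int(m["status"])
        # A 200 means the server actually served the file (e.g. the session hash).
        findings.append({"ip": m["ip"], "path": m["path"], "status": status,
                         "label": label, "served": status == 200})
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses, made-up session name).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Dec/2004:10:14:02 +0000] "GET /pafiledb/sessions/ HTTP/1.0" 200 1843',
    '203.0.113.7 - - [03/Dec/2004:10:14:09 +0000] "GET /pafiledb/sessions/sess_EXAMPLE HTTP/1.0" 200 512',
    '198.51.100.2 - - [03/Dec/2004:11:02:41 +0000] "GET /pafiledb/includes/team.php HTTP/1.0" 200 311',
    '192.0.2.5 - - [03/Dec/2004:11:03:00 +0000] "GET /pafiledb/pafiledb.php?action=category&id=3 HTTP/1.1" 200 6720',
    '198.51.100.2 - - [03/Dec/2004:11:05:17 +0000] "GET /pafiledb/includes/admin/admins.php HTTP/1.0" 403 -',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```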

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.phparena.net/pafiledb.php
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

Source Message Contents:   [Original Message Not Available for Viewing]



Copyright 2021, SecurityGlobal.net LLC