Bugtraq mailing list archives
More fun with WWWBoard
From: sh () QUADRUNNER COM (David Weins)
Date: Fri, 17 Sep 1999 05:09:38 -0700
Since I didn't see any of this mentioned in any of the archieved WWWBoard articles from bugtraq, I decidied to send it in. Possible Compromise: Remote Administration of WWWBoard. ------------------------------------------------------- By following WWWBoards install instructions exactly, you can leave yourself open to the risk of possible abuse through the wwwadmin.pl script. Matt Wright was at least smart enough to include some type of username/password checking, but he didn't have the idea to force the wwwboard administrator to pick/create a password for the webadmin account before the board would work. Instead he created a default account: Username: WebAdmin Password: WebBoard Well, at least he does suggest that you change this password the first time you login into wwwadmin. Now most people are smart enough to change the default password to something at least halfway more secure, but thanks to Matt Wright your new password is written into passwd.txt and it has to remain readable/writeable for the server to change the file. The password in this file is at leasted encrypted with crypt, but just being able to view the file will allow a cracker to sit down and run a dictionary crack against it. Suggested course of action: If you haven't looked over the scripts or at least read the entire ADMIN_README file to begin with (which you should do when you download any program) you can see that there is a variable to where to store/name the password file. This variable is called $passwd_file. Since the file needs to be open to writings and readings your best bet would be to move the file into a directory where it cannot be access from via the world wide web. You can do this easily by changing the $passwd_file variable from passwd.txt to "/path/to/non-web/dir/brdpass.txt" -- then rename passwd.txt to brdpass.txt and move into that directory. It at least provides you with a little more security than this insecure program does for you, or even suggests for you. -dew .*******************************************************************. : David E. Weins \ "Time is a great teacher, unfortunately : : david () weins net \ it kills all its pupils." : : \ - Hector Berlioz : `*******************************************************************'
Current thread:
- SDI AMD remote exploit for RH linux, (continued)
- SDI AMD remote exploit for RH linux Thiago (Sep 02)
- Re: IE5 allows executing programs J MacCraw (Sep 07)
- Re: IE5 allows executing programs David LeBlanc (Sep 03)
- Re: IE5 allows executing programs Kragen Sitaker (Sep 05)
- Re: IE5 allows executing programs Jesper M. Johansson (Sep 08)
- Re: IE5 allows executing programs SysAdmin (Sep 08)
- Re: IE5 allows executing programs Haxor, Wikit (Sep 16)
- Two SuSE 6.2 local root exploits Brock Tellier (Sep 16)
- SuSE 6.2 /usr/bin/sccw read any file Brock Tellier (Sep 16)
- Fw: CERT Advisory CA-99.12 - Buffer Overflow in amd morex (Sep 16)
- More fun with WWWBoard David Weins (Sep 17)
- Re: More fun with WWWBoard Chris Ridd (Sep 20)
- Re: More fun with WWWBoard Mark Jeftovic (Sep 21)
- Re: More fun with WWWBoard Patrick Oonk (Sep 22)
- Re: More fun with WWWBoard Speed (Sep 24)
- Re: More fun with WWWBoard Mark Jeftovic (Sep 26)
- Microsoft Security Bulletin (MS99-037) Aleph One (Sep 25)
- Internet Explorer 5.0 & AOL Instant Messenger 3.x (latest version) Bug forcing Win98 to crash remotely webmaster (Sep 22)
- Re: Internet Explorer 5.0 & AOL Instant Messenger 3.x (latest version) Bug forcing Win98 to crash remotely Peter Haglund (Sep 24)
- Re: More fun with WWWBoard Vladimir Dubrovin (Sep 21)
- SCO 5.0.x scosession local exploit Brock Tellier (Sep 22)