Vulnerability Development mailing list archives
Re: wwwboard my help reveal user name and password
From: shadoze () FREEWWWEB COM (Shadowboxer)
Date: Fri, 7 Jul 2000 14:24:11 -0400
Julian Linton wrote:
This is probably well known already. If wwwboard.pl is installed with most of its default settings, any web user can access www.somesite.com/wwwboard/passwd.txt. This will show the username and encrypted password for the wwwadmin.pl script. I did a search on the internet and many of the sites that are running wwwboard use the same password and username for other services, such as ftp or telnet. I feel this can be a problem since the passwd.txt file is world readable.
Julian Linton
CIS Student @ FAMU.EDU
jlinton () cis famu edu
There have been countless security bugs found in Matt Wright's wwwboard script since it was released. It is pretty much obsolete these days. I know a few people who have played with the script a little and got it to be pretty bug-free/secure. The minimum would be to fix this password problem and to add referrer checking so a standalone script can't be used to bomb it.
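An added example, not part of the original posts: a local audit an administrator can run over their own web document root to list every passwd.txt that the server would hand out by URL, along with its file mode. The file name and the /wwwboard/ path come from the thread; the function names, directory layout and sample tree are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

PASSWORD_FILE = "passwd.txt"  # file name taken from the thread


def audit_docroot(docroot):
    """List every passwd.txt stored under the web document root.

    Anything below the document root can be requested by URL unless the
    server is configured to refuse it, so each hit is a finding.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        if PASSWORD_FILE not in filenames:
            continue
        path = os.path.join(dirpath, PASSWORD_FILE)
        info = os.lstat(path)
        if not stat.S_ISREG(info.st_mode):
            continue  # ignore symlinks and other non-regular entries
        mode = stat.S_IMODE(info.st_mode)
        rel = os.path.relpath(path, docroot).replace(os.sep, "/")
        findings.append({
            "url_path": "/" + rel,
            "mode": format(mode, "03o"),
            "world_readable": bool(mode & stat.S_IROTH),
        })
    return findings


def demo():
    """Run the audit over a constructed tree (hypothetical layout)."""
    with tempfile.TemporaryDirectory() as root:
        docroot = os.path.join(root, "htdocs")
        outside = os.path.join(root, "private")
        os.makedirs(os.path.join(docroot, "wwwboard"))
        os.makedirs(outside)
        # One copy inside the docroot, one outside it; contents are placeholders.
        for folder in (os.path.join(docroot, "wwwboard"), outside):
            target = os.path.join(folder, PASSWORD_FILE)
            with open(target, "w") as fh:
                fh.write("adminuser:PLACEHOLDER_HASH\n")
            os.chmod(target, 0o644)
        return audit_docroot(docroot)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Only the copy under the document root is reported; the one stored outside it is not reachable by URL and does not appear in the findings.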