WebApp Sec mailing list archives
Re: security of _notes dirs
From: Greg <kamago () free fr>
Date: Thu, 15 Sep 2005 10:57:08 +0200
Hi, On Wednesday 14 September 2005 18:21, Mailing List wrote:
I've found something worse, a file called contribute.xml which contains a password. I'm going to have a look to see if I can find out how the password is stored and if it can be decrypted/broken in some way.
For the obvious part, all the "passwords" are 32 characters long, so chances are good that they are MD5 hashes. Then, for the email value it's just the hex-encoded value of the real email. This Perl one-liner will give you the real email: perl -e '$ARGV[0] =~ s/(..)/pack "H2", $1/ge; print "${ARGV[0]}\n";' hex_email For the password hash, a lookup in an online MD5 hash database turns up results for some of them.
A quick google for inurl:contribute.xml shows lots of these files around, I can't have just found a massive security failing can I? I must be missing something somewhere.
I'm not familiar with Macromedia Contribute, so I don't know if this file must be present on the production server, and how much you can mess the site up if you have the password. Maybe someone else on the list? And one last thing: this is not a security flaw in Macromedia Contribute, but a malpractice by the webmasters. If they read the doc and learned how to write a 3-line .htaccess, they wouldn't have this information exposed. Greg
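For the short .htaccess the post refers to, an added example (not from the post or from Macromedia's documentation) of an Apache per-directory rule that denies the file and the _notes directories. It assumes the site runs Apache 2.2 with AllowOverride permitting Limit and FileInfo directives; the Apache 2.4 equivalent is given in the comment.

```apacheconf
# Deny contribute.xml wherever it sits under this directory tree.
# Apache 2.4: replace the two Order/Deny lines with "Require all denied".
<Files "contribute.xml">
    Order allow,deny
    Deny from all
</Files>
# Hide the _notes directories (and the .mno files inside them) as 404s.
RedirectMatch 404 /_notes(/|$)
```

Verify from outside with a plain request for /contribute.xml and for /_notes/ after deploying; a 403 or 404 is the expected result, and the check is cheap enough to add to a deployment script.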
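To make the triage described in the post above concrete, here is an added Python example (not code from the original post, from Macromedia, or from any list participant) that does offline what the post does with a Perl one-liner and an online hash database: it decodes the hex-encoded email, checks whether a 32-character value has the shape of an MD5 hex digest, and tries the digest against a small word list. The field names, the sample values and the word list are constructed for this example; the real contribute.xml layout is not reproduced.

```python
"""Offline triage of name/value pairs pulled from a Contribute-style XML file.

Added example, not code from the original post or from Macromedia.
The field names and sample values below are constructed for illustration;
the real contribute.xml layout is not reproduced here.
"""
import hashlib
import re
from typing import Dict, Optional, Sequence, Tuple

# 32 hex characters: consistent with an MD5 digest. Caveat: other 128-bit
# digests (e.g. NT hashes) have the same shape, so this is a plausibility
# check, not an identification.
MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")


def decode_hex_email(hex_value: str) -> str:
    """Reverse the hex encoding the post describes: two hex digits per byte.

    Raises ValueError on odd length or non-hex input instead of returning
    junk, so a value that is *not* a hex-encoded string is noticed.
    """
    if len(hex_value) % 2 or not re.fullmatch(r"[0-9a-fA-F]*", hex_value):
        raise ValueError("not a hex-encoded string: %r" % hex_value)
    return bytes.fromhex(hex_value).decode("utf-8", errors="strict")


def looks_like_md5(value: str) -> bool:
    return MD5_HEX.fullmatch(value) is not None


def md5_hex(word: str) -> str:
    return hashlib.md5(word.encode("utf-8")).hexdigest()


def crack_md5(digest: str, wordlist: Sequence[str]) -> Optional[str]:
    """Unsalted MD5 dictionary attack: hash each candidate and compare.

    An online hash database is just a very large precomputed version of this
    loop; the digest is compared case-insensitively since tools differ in case.
    """
    target = digest.lower()
    for word in wordlist:
        if md5_hex(word) == target:
            return word
    return None


def triage(entries: Dict[str, str], wordlist: Sequence[str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Classify each field: hex-encoded email, cracked/uncracked MD5, or opaque."""
    report: Dict[str, Tuple[str, Optional[str]]] = {}
    for name, value in entries.items():
        # Field name is checked before shape so a 32-character hex email is
        # not mistaken for a digest.
        if "mail" in name.lower():
            try:
                report[name] = ("hex_email", decode_hex_email(value))
                continue
            except ValueError:
                pass
        if looks_like_md5(value):
            hit = crack_md5(value, wordlist)
            report[name] = ("md5_cracked", hit) if hit else ("md5_uncracked", None)
        else:
            report[name] = ("opaque", value)
    return report


# Constructed sample, shaped like the fields the post mentions (assumption).
SAMPLE_ENTRIES = {
    "email": "7765626d6173746572406578616d706c652e636f6d",  # "webmaster@example.com"
    "password": "5f4dcc3b5aa765d61d8327deb882cf99",          # md5("password")
    "password2": md5_hex("zz-not-in-list"),                   # not in WORDLIST
}

# Tiny constructed word list standing in for the online database.
WORDLIST = ["123456", "password", "letmein", "admin", "qwerty"]


if __name__ == "__main__":
    for field, (kind, result) in triage(SAMPLE_ENTRIES, WORDLIST).items():
        print("%-10s %-14s %s" % (field, kind, result))
```

Run with a real word list (e.g. rockyou-sized) and the loop above is the whole attack; the point is that unsalted MD5 of a short password offers no protection once the file is readable.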
Current thread:
- security of _notes dirs Mailing List (Sep 12)
- <Possible follow-ups>
- RE: security of _notes dirs Griffiths, Ian (Sep 12)
- RE: security of _notes dirs michael acadia (Sep 12)
- RE: security of _notes dirs Mailing List (Sep 14)
- Re: security of _notes dirs Michael Acadia (Sep 14)
- Re: security of _notes dirs Mailing List (Sep 15)
- Re: security of _notes dirs Greg (Sep 15)
- Re: security of _notes dirs Peter Conrad (Sep 15)
- Re: security of _notes dirs Mailing List (Sep 15)
- RE: security of _notes dirs Mailing List (Sep 14)