SecurityTracker.com Archives - PHP TopSites Discloses Configuration Data to Remote Users

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > PHP TopSites

Vendors: iTop10.Net

PHP TopSites Discloses Configuration Data to Remote Users

SecurityTracker Alert ID: 1014552

SecurityTracker URL: http://securitytracker.com/id?1014552

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jul 21 2005

Impact: Disclosure of user information

Exploit Included: Yes

Description: A vulnerability was reported in PHP TopSites. A remote user can view configuration information.

The administrative control panel pages are not protected by default. A remote user can supply the following URL to view configuration data:

http://[target]/[toplistdirectory]/[admindirectory]/setup.php

The vendor was notified on June 18, 2005.

Donnie Werner of exploitlabs and h4cky0u reported this vulnerability.

Impact: A remote user can obtain configuration data.

Solution: No solution was available at the time of this entry. The vendor has indicated that the 'admin' directory should be protected using web server access controls.

Cause: Access control error, Configuration error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Reported By: "Morning Wood" <se_cur_ity@hotmail.com>

Message History: None.

Source Message Contents

Date: Thu, 21 Jul 2005 13:31:05 -0700
From: "Morning Wood" <se_cur_ity@hotmail.com>
Subject: [Full-disclosure] PHPTopSites

 

------------------------------------------------------------
      - EXPL-A-2005-012 exploitlabs.com Advisory 041 -
------------------------------------------------------------
                                   - PHP TopSites -






AFFECTED PRODUCTS
=================
PHP TopSites FREE ( all versions )
PHP TopSites PRO ( all versions )
http://itop10.net



OVERVIEW
========
PHP TopSites is a PHP/MySQL-based customizable TopList script




DETAILS
=======
1. Information Disclosure

The setup / admin section (admin control panel) can be accessed
without authorization. This exposes the administrative mysql info
including user-db-pass-host and admin email addresses.
Further access allows reading / editing of toplist member info
including the above data.




POC
===

1.
------

The configuration of the top lists in the admin area can be accessed
by the following URL:
http://[host]/[toplistdirectory]/[admindirectory]/setup.php





SOLUTION:
=========
vendor contact:
roman@itop10.net June 18, 2005 1st notification
roman@itop10.net June 19, 2005 Vendor reply
response: admin directory should be .htaccess protected

roman@itop10.net June 19, 2005 Researcher reply
response: this is not satisfactory

roman@itop10.net June 21, 2005
response: i will fix it as soon as possible 


roman@itop10.net July 7
roman@itop10.net July 13
no response(s) recieved
( itop10.net ) appears down



Credits
=======
This vulnerability was discovered and researched by 
h4cky0u of  http://www.h4cky0u.org
mail: h4cky0u at gmail.com


and
Donnie Werner of exploitlabs

mail:   wood at exploitlabs.com
mail:   morning_wood at zone-h.org
-- 
web: http://exploitlabs.com
web: http://zone-h.org

original Advisory available at:
http://exploitlabs.com/files/advisories/EXPL-A-2005-012-PHPTopSites.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2005, SecurityGlobal.net LLC