Sensitive Information Disclosure in Text Rider
- Sensitive Information Disclosure in Text Rider
- Last Update
- 0 n/a
- CVE-2006-0439 CVE-2006-0440
- Risk Level
- Sensitive Information Disclosure
- Vulnerable Software
- Text Rider (http://robot.ir/blog/mollasadra/textrider/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Sensitive Information Disclosure found in Text Rider (http://robot.ir/blog/mollasadra/textrider/) script.
Directory data isn't protected by htaccess in default installiation. This can be used to retrieve registered user's information including logins and password's md5 hashes.
Cookie-based authentication is threatened.
To authenticate as administrator cookies need to contain the folowing:
username=[admin user]password=[md5 hash]
Administrator has an ability to edit "config.php" file and upload arbitrary files.
System access is possible.
Solution for "Sensitive Information Disclosure in Text Rider" is not available. Check vendor's website for updates.