
Greymatter remote login/pass exposure
25th Feb 2002 [SBWID-5138]



	Greymatter 1.21c and earlier


	In jericho 'security curmudgeon' advisory [] :


	The big sign of GM being present is /cgi-bin/gm.cgi .. that is the
	greymatter login screen and odds are GM is being run as root. Just
	getting the password will let you post to the blogger, erase entries,
	upload files and more. However, there are a lot of CGIs (listed below)
	associated with the package, many could be vulnerable to the older

	Just search for a file called "gmrightclick" in google and download a
	file called "gmrightclick*.reg" where the stars represent a number.
	open it and there you have it: Username and Password for everyone to


	see refs :



	If the administrator uses the "Add Bookmarklets" feature to add a
	link/photo, it will add a new "gmrightclick*" file unless they have
	set the "clear" function in their configuration. After adding a link,
	they need to hit the "Clear And Exit" button at the bottom of the
	page. This will remove all "gmrightclick*reg" files.

	Sites that customize their look/HTML will likely not have an open
	/archive/ dir. Sites that use "Master Archive" option will not have a
	browsable /archive/ directory. This will make it difficult to find the
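
The cleanup described in the "Add Bookmarklets" paragraph above can be verified on the server's own file system. The script below is an added example, not part of the advisory or of Greymatter: it reports any files matching the gmrightclick*.reg pattern under a directory the operator passes as an argument (the install location is an assumption and is not hard-coded).

```shell
#!/bin/sh
# Added example: audit a Greymatter install for leftover bookmarklet files.
# The only detail taken from the advisory is the gmrightclick*.reg name pattern;
# the directory to scan is supplied by the operator.

PATTERN='gmrightclick*.reg'

# Count matching regular files under DIR (one dot per file, so odd
# characters in file names cannot skew the count).
count_gmrightclick() {
    find "$1" -type f -name "$PATTERN" -exec printf . \; 2>/dev/null | wc -c | tr -d ' '
}

# Report matches. Exit status: 0 = clean, 1 = files found, 2 = bad argument.
audit_gmrightclick() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    n=$(count_gmrightclick "$dir")
    if [ "$n" -eq 0 ]; then
        echo "OK: no $PATTERN files under $dir"
        return 0
    fi
    echo "FOUND: $n $PATTERN file(s) under $dir"
    # Show owner, mode and modification time so stale files stand out.
    find "$dir" -type f -name "$PATTERN" -exec ls -l {} +
    return 1
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_gmrightclick "$1"
fi
```

Run from cron or a monitoring check, an exit status of 1 means a credential-bearing file is still on disk and the "Clear And Exit" step needs to be repeated.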
