Information Disclosure Vulnerability in bitboard2


Advisory Information
Advisory Name      : Information Disclosure Vulnerability in bitboard2
Author             : Marc Bromm <> Germany
Discovered by      : Marc Bromm <> Germany
Release Date       : 9 July 2003
Application        : bitboard2 (textfile based board)
Vendor Homepage    :
Vendor Status      : notified
Vulnerable Versions: bitboard2  (maybe older)
Platforms          : OS Independent, PHP
Severity           : High


bitboard2 is a board that needs no database to work, so it is useful
for webmasters who have no access to an SQL database.


1. Get the admin password hash

The crypt hash of the admin password is stored in
Everyone has access to it, so one only has to get the hash and crack it with john.

The real problem is that many admins don't use secure passwords ;-)
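
An audit for the exposure described in section 1, as an added example that is not part of the original advisory or of bitboard2: it walks a web root and reports files the server would send verbatim that contain crypt(3)-shaped fields. The file names, the `|` field layout, the list of executed extensions and the sample hash are constructed assumptions, and the hash match is a heuristic.

```python
import os
import re
import tempfile

# Extensions the server is assumed to execute instead of sending as-is.
EXECUTED = {".php", ".php3", ".phtml"}
# crypt(3) shapes: modular "$id$salt$hash" and traditional 13-character DES.
MODULAR = re.compile(r"^\$[0-9a-z]{1,2}\$[./0-9A-Za-z$]{20,}$")
DES = re.compile(r"^[./0-9A-Za-z]{13}$")

def looks_like_crypt(token):
    """Heuristic shape test; plain words and plain numbers are ignored."""
    if MODULAR.match(token):
        return True
    return bool(DES.match(token)) and not token.isalpha() and not token.isdigit()

def find_exposed_hashes(docroot):
    """Return sorted (relative path, line number) pairs for hash-like fields."""
    hits = []
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTED:
                continue  # executed server-side, source is not sent to clients
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, docroot).replace(os.sep, "/")
            with open(path, errors="replace") as handle:
                for lineno, line in enumerate(handle, 1):
                    fields = re.split(r"[\s:|;,]+", line.strip())
                    if any(looks_like_crypt(field) for field in fields):
                        hits.append((rel, lineno))
    return sorted(hits)

def demo():
    """Scan a constructed board layout (file names and hash are made up)."""
    samples = {
        "index.php": "<?php $pw = 'ab8Xk2.QzR1pE'; ?>\n",
        "data/admin.dat": "admin|ab8Xk2.QzR1pE|admin@example.org\n",
        "data/posts.txt": "1|hello board|international\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "data"))
        for rel, text in samples.items():
            with open(os.path.join(root, rel), "w") as handle:
                handle.write(text)
        return find_exposed_hashes(root)

if __name__ == "__main__":
    for rel, lineno in demo():
        print(f"{rel}:{lineno}: crypt-style hash in a statically served file")
```

Any file it reports belongs outside the document root or behind a server rule that denies direct requests.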

Vendor Response:

They told me that they are going to fix it in the next version.

Greetz to:

Erik, (O_o)oOoOoOo.
