[Full-disclosure] Kshout Data Disclosure

["group@xxxxxxxxxxxxxxxx" <group@xxxxxxxxxxxxxxxx>]

===========================================================

============================================================
Title: Kshout Data Disclosure
Vulnerability Discovery: SoulBlack - Security Research -
http://soulblack.com.ar
Date: 26/07/2005
Severity: Medium. Remote users can view configuration file.
Affected version: 2.* & 3.*
Vendor: http://www.knusperleicht.at/
============================================================

============================================================

* Summary *

This is a simple ShoutBox.

-------------------------------------------------------------

* Problem Description *

Default Installation save configuration in insecure file.

Remote users can view settings.dat

Example:

http://server/shoutbox/db/settings.dat

/*

....

username='5588cb8830fdb8ac7159b7cf5d1e611e';

$passwort='d1ff1ec86b62cd5f3903ff19c3a326b2';

....

*/

--------------------------------------------------------


-------------------------------------------------------------

* Fix *

Unofficial Patch:

/*

Change: 

require("$sb_path"."db/settings.dat");

for

require("$sb_path"."db/settings.php");

*/

and rename settings.dat to settings.php in dir /shoutbox/db/
-------------------------------------------------------------

* References *

http://www.soulblack.com.ar/repo/papers/advisory/kshout_advisory.txt

-------------------------------------------------------------

* Credits *

Vulnerability reported by SoulBlack Security Research

============================================================

--
SoulBlack - Security Research
http://www.soulblack.com.ar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/