Vulnerability Development mailing list archives
Re: wwwboard my help reveal user name and password
From: spepper () WLU CA (Shelagh Pepper)
Date: Fri, 7 Jul 2000 12:23:39 -0400
Work around is to deny access to passwd.txt files. Apache specific directive is:

<Files passwd.txt>
Order allow,deny
Deny from all
</Files>

I would put a .htaccess file in wwwboards similar to the following:

<Files *.txt>
Order allow,deny
Deny from all
</Files>
ErrorDocument 403 /Lame_excuses/not_found.html

Shelagh

At 03:00 AM 7/7/00 -0400, Julian Linton wrote:
This is probably well known already. If wwwboard.pl is installed with most of its default settings, any web user can access http://www.somesite.com/wwwboard/passwd.txt. This will show the username and encrypted password for the wwwadmin.pl script.

I did a search on the internet and many of the sites that are running wwwboard use the same password and username for other services, such as ftp or telnet. I feel this can be a problem since the passwd.txt file is world readable.

Julian Linton
CIS Student @ FAMU.EDU
jlinton () cis famu edu
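
A way to audit a document root for passwd.txt files that the workaround above does not yet cover, as an added example that is not part of the original messages. It is a static approximation that reads only .htaccess files: it assumes the server honours them (AllowOverride) and ignores the main server configuration; the function names and the sample tree are constructed for illustration.

```python
import fnmatch
import os
import re
import tempfile

# <Files pattern> ... </Files> sections; the pattern may be quoted.
FILES_BLOCK = re.compile(r'<Files\s+"?([^">]+?)"?\s*>(.*?)</Files>', re.I | re.S)
# The Order/Deny syntax from the post, or the Apache 2.4 equivalent.
DENY_ALL = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$', re.I | re.M)

def denied_patterns(htaccess_text):
    """Return the <Files> patterns whose section denies all access."""
    return [p for p, body in FILES_BLOCK.findall(htaccess_text) if DENY_ALL.search(body)]

def is_denied(docroot, dirpath, fname):
    """.htaccess applies to its directory and below, so walk up to docroot."""
    current, root = os.path.abspath(dirpath), os.path.abspath(docroot)
    while True:
        ht = os.path.join(current, ".htaccess")
        if os.path.isfile(ht):
            with open(ht, encoding="utf-8", errors="replace") as fh:
                if any(fnmatch.fnmatchcase(fname, p) for p in denied_patterns(fh.read())):
                    return True
        if current == root:
            return False
        current = os.path.dirname(current)

def unprotected_files(docroot, name_glob="passwd.txt"):
    """List files matching name_glob that no .htaccess on their path denies."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for fname in fnmatch.filter(files, name_glob):
            if not is_denied(docroot, dirpath, fname):
                rel = os.path.relpath(os.path.join(dirpath, fname), docroot)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_tree():
    """Constructed docroot: one board with the post's .htaccess, one without."""
    root = tempfile.mkdtemp()
    for board in ("wwwboard", "board2"):
        os.makedirs(os.path.join(root, board))
        with open(os.path.join(root, board, "passwd.txt"), "w") as fh:
            fh.write("constructed-user:constructed-hash\n")
    with open(os.path.join(root, "wwwboard", ".htaccess"), "w") as fh:
        fh.write("<Files *.txt>\nOrder allow,deny\nDeny from all\n</Files>\n")
    return root

if __name__ == "__main__":
    print(unprotected_files(build_sample_tree()))
```

A clean result here does not replace requesting the file over HTTP and confirming a 403, since only the running server shows whether the .htaccess is actually applied.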