Skip to main content

Vulnerability in HITB's code and possibly Thatware 0.5.3 (confirmed)

posted onFebruary 24, 2002
by hitbsecnews

I got an e-mail from Koen yesterday night alerting me to 2 security vulnerabilities in HITB's code. Much love and respect to Koen for alerting me to the hole and not turning malicious with the information he found. It's certainly nice to know that there are still plenty of white hats out there hacking for hacking sake.

Details:

1.) The first hole is in config.php -- the vulnerability exsists through the use of $root_path. Basically removing $root_path and specifying the complete directory location to the db_settings.php will solve this potential for exploit.

2.) The second bug was in auth.inc.php -- this bug however I think will only affect users of the older version. The problem lies on the following lines in the file:

$admin = base64_decode($user);
$admin = explode(":", $admin);

The lines above should be changed to this:

$admin = addslashes(base64_decode($user));
$admin = explode(":", $admin);

Now I should note that HITB runs a mangled version of Thatware, and while the version that we're using is indeed rather old, I'm not sure if the bugs found affect the current latest release of Thatware (version 0.5.3) -- I'm guessing at least the one bug in config.php would probrably still be vulnerable, but I haven't checked.

Source

Tags

HITB News

You May Also Like

Recent News

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th

Wednesday, June 5th