<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7651.51">
<TITLE>[x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>-=[--------------------ADVISORY-------------------]=-<BR>
<BR>
Siteman 1.1.11 <BR>
<BR>
Author: CorryL [corryl80@gmail.com] <BR>
-=[-----------------------------------------------]=-<BR>
<BR>
<BR>
-=[+] Application: Siteman<BR>
-=[+] Version: 1.1.11<BR>
-=[+] Vendor's URL: <A HREF="http://home.no.net/siteman/">http://home.no.net/siteman/</A><BR>
-=[+] Platform: Windows\Linux\Unix<BR>
-=[+] Bug type: Remote Md5 Hash Disclosure Vulnerability<BR>
-=[+] Exploitation: Remote<BR>
-=[-]<BR>
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~<BR>
-=[+] Reference: www.x0n3-h4ck.org<BR>
-=[+] Virtual Office: <A HREF="http://www.kasamba.com/CorryL">http://www.kasamba.com/CorryL</A><BR>
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck <BR>
<BR>
<BR>
..::[ Descriprion ]::..<BR>
<BR>
This is the home of the Siteman project,<BR>
a content management system using the flat-file database system txtSQL for data storage.<BR>
<BR>
<BR>
..::[ Bug ]::..<BR>
<BR>
exploiting this bug a remote attaker is able to go up again to user name and admin password<BR>
what they are found to the first position<BR>
<BR>
<BR>
..::[ Proof Of Concept ]::..<BR>
<BR>
<A HREF="http://remote-server/data/members.txt">http://remote-server/data/members.txt</A><BR>
<BR>
<BR>
<BR>
<BR>
**************<BR>
Registrati ad Alice Basic e scarica Alice Messenger,<BR>
il nuovo instant messenger che ti fa chattare GRATIS con i tuoi amici!<BR>
Per maggiori informazioni vai su:<BR>
<A HREF="http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01">http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01</A></FONT>
</P>
</BODY>
</HTML>