Text Rider data directory information disclosure
|textrider-data-information-disclosure (24279)||Medium Risk|
Text Rider fails to protect the \data directory in htaccess. A remote attacker could obtain this file using a specially-crafted URL request to obtain usernames and encrypted passwords including the administrator password, which could be used to gain unauthorized access to the application.
No remedy available as of September 1, 2014.
- eVuln Advisory EV0046: Text Rider Sensitive Information Disclosure.
- Text Rider Web site: A weblog about the new weblog management system.
- CVE-2006-0439: Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.
- CVE-2006-0440: Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.
- OSVDB ID: 22727: Text Rider /data/userlist.txt User Authentication Credential Disclosure
- OSVDB ID: 22728: Text Rider config.php Modification Arbitrary Command Execution
- OSVDB ID: 23659: Text Rider Cookie Credential Authentication Bypass
- SA18605: Text Rider Exposure of User Credentials
- SECTRACK ID: 1015533: Text Rider Lets Remote Users Obtain Authentication Information
- Text Rider Text Rider 2.4
Jan 23, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this