Text Rider data directory information disclosure
textrider-data-information-disclosure (24279)
Description:
Text Rider does not use htaccess to protect the \data directory. A remote attacker could send a specially crafted URL request to retrieve a file from this directory and obtain usernames and encrypted passwords, including the administrator password, which could then be used to gain unauthorized access to the application.
Consequences:
Obtain Information
Remedy:
No remedy available as of March 20, 2010.
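Added example, not part of the X-Force entry or of Text Rider: a log check that flags requests for files under the data directory (such as the data/userlist.txt path named in CVE-2006-0439) and marks whether the server actually returned content. It assumes combined-format access logs; the /textrider/ install path, the addresses and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: client, identity, user, [time], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def path_segments(target):
    """Decode a request target into lower-cased segments, resolving '.' and '..'."""
    path = target.split("?", 1)[0]
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    segments = []
    for seg in path.replace("\\", "/").lower().split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
        else:
            segments.append(seg)
    return segments

def find_data_dir_reads(lines, data_dir="data"):
    """Return one record per request for a file beneath <data_dir>/."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        segs = path_segments(m["target"])
        if data_dir in segs[:-1]:  # data_dir is a parent directory of the file
            hits.append({
                "ip": m["ip"],
                "path": "/" + "/".join(segs),
                "served": m["status"].startswith("2"),  # 2xx: content returned
            })
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jan/2006:10:01:02 +0000] "GET /textrider/index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [23/Jan/2006:10:02:11 +0000] "GET /textrider/data/userlist.txt HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [23/Jan/2006:10:02:15 +0000] "GET /textrider/%64ata/UserList.txt HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.5 - - [23/Jan/2006:10:03:00 +0000] "GET /textrider/images/../data/userlist.txt?x=1 HTTP/1.1" 206 100 "-" "-"',
    '192.0.2.10 - - [23/Jan/2006:10:04:00 +0000] "GET /textrider/metadata.html HTTP/1.1" 200 800 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_data_dir_reads(SAMPLE_LOG):
        print(hit)
```

A record with `served` set to true means the file contents left the server, so the stored credentials should be treated as exposed and rotated.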
References:
- eVuln Advisory EV0046: Text Rider Sensitive Information Disclosure.
- Text Rider Web site: A weblog about the new weblog management system.
- CVE-2006-0439: Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.
- CVE-2006-0440: Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.
- SA18605: Text Rider Exposure of User Credentials
- SECTRACK ID: 1015533: Text Rider Lets Remote Users Obtain Authentication Information
- VUPEN/ADV-2006-0321: Text Rider Information Disclosure and Authentication Bypass Vulnerability
Platforms Affected:
- Text Rider Text Rider 2.4
Reported:
Jan 23, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
