Wwwboard Passwd.txt Network Vulnerability

Summary

The remote web server contains a CGI application that is prone to information disclosure. Description : The remote host is running WWWBoard, a bulletin board system written by Matt Wright. This board system comes with a password file (passwd.txt) installed next to the file 'wwwboard.html'. An attacker may obtain the content of this file and decode the password to modify the remote www board.

Solution

Configure the wwwadmin.pl script to change the name and location of 'passwd.txt'.

References

http://archives.neohapsis.com/archives/bugtraq/1998_3/0746.html
http://archives.neohapsis.com/archives/bugtraq/1999-q3/0993.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-1999-0953

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

'research_display.php' SQL Injection Vulnerability
ASP Inline Corporate Calendar SQL injection
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat /servlet Cross Site Scripting

wwwboard passwd.txt

Take action and discover your vulnerabilities