25C3-CTF

Advisory #7

From team h4ck!nb3rg

New advisory by: churchy
Affected service(s): ultrashare
Severity [lmh]: high

Hello ladies and gentlemen from all over the world,

===== Problem =====
The ultrashare service lets users share (upload and download) files. It is implemented in Ruby and internally uses several config files. One of them, which contains usernames and passwords, is located at the following path: /usr/lib/cgi-bin/test.rb

Because the file lives inside the CGI directory, it can also be fetched with a standard web browser, which discloses every stored user credential. For example: http://10.5.1.3:81//cgi-bin/test.rb

===== Impact =====
All stored users can be impersonated and internal information is disclosed.


===== Fix =====
Create (or edit) a .htaccess file in the directory that contains test.rb and enter:
<Files "test.rb">
order allow,deny
deny from all
</Files>
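Two caveats on this fix: Apache only honors deny rules from .htaccess when AllowOverride (at least Limit) is enabled for that directory, and the rule matches test.rb alone, so backup copies or other scripts holding the same secrets stay readable. The durable fix is to keep credentials outside every web-served directory, in a file only the service user can read, and to refuse to start otherwise. The following Ruby snippet is an added example, not code from this advisory or from the ultrashare service; the served directories, the file format (one user:password per line) and the path used in the demo are assumptions.

```ruby
# Added example (not part of the original advisory or of ultrashare):
# load service credentials only from a file that lies outside every
# web-served directory and is readable by the service user alone.
require 'tmpdir'

# Directories Apache serves on this host. Assumed values: the Debian default
# for /cgi-bin/ is /usr/lib/cgi-bin, the default document root is /var/www.
SERVED_DIRS = ["/usr/lib/cgi-bin", "/var/www"].freeze

class CredentialError < StandardError; end

# True when +path+ lies inside any served directory, after resolving
# symlinks and ".." so a creative path cannot dodge the check.
def under_served_dir?(path, served_dirs = SERVED_DIRS)
  real = File.realpath(path)
  served_dirs.any? do |dir|
    base = File.exist?(dir) ? File.realpath(dir) : File.expand_path(dir)
    real == base || real.start_with?(base + File::SEPARATOR)
  end
end

# Reject group- or world-readable files: only the owner (the service
# user) may read it, so the web server's own account cannot leak it.
def private_mode?(path)
  (File.stat(path).mode & 0o077).zero?
end

# Parse "user:password" lines into a hash. Blank lines and "#" comments
# are skipped; the password may itself contain colons. Raises unless the
# file is stored in a safe location with safe permissions.
def load_credentials(path, served_dirs = SERVED_DIRS)
  if under_served_dir?(path, served_dirs)
    raise CredentialError, "#{path} is inside a web-served directory"
  end
  unless private_mode?(path)
    raise CredentialError, "#{path} is readable by other users"
  end
  File.readlines(path, chomp: true).each_with_object({}) do |line, creds|
    next if line.strip.empty? || line.start_with?("#")
    user, pass = line.split(":", 2)
    raise CredentialError, "malformed line in #{path}" if user.nil? || pass.nil?
    creds[user] = pass
  end
end

# Demo with constructed data in a temporary directory: a copy of the
# credential file placed under a fake cgi-bin is refused, a copy kept
# outside it with mode 0600 is accepted.
def demo
  Dir.mktmpdir do |tmp|
    cgi_bin = File.join(tmp, "cgi-bin")
    Dir.mkdir(cgi_bin)
    leaked = File.join(cgi_bin, "test.rb")
    File.write(leaked, "admin:s3cret\n")
    File.chmod(0o600, leaked)
    begin
      load_credentials(leaked, [cgi_bin])
    rescue CredentialError => e
      puts "refused: #{e.message}"
    end

    safe = File.join(tmp, "credentials")
    File.write(safe, "# ultrashare users\nadmin:s3cret\n")
    File.chmod(0o600, safe)
    load_credentials(safe, [cgi_bin])
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

After moving the real file, confirm the web server returns 403 or 404 for the old URL and remove any leftover copies (editor backups such as test.rb~ included) from the CGI directory.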


Have fun, we are pleased that so many teams participate today :-)




Rating: [1] Yes, you are right.


