Singapore password file exploit
June 13 2004
There is a vulnerability in the software package of Singapore.
Say hello to theyr website: http://singapore.sourceforge.net/
This effects every version thye have made.
QUOTE OF THEIR DAY: (a while ago)_
"It is now a little over a year since singapore was first released on
SourceForge.net. In that time it has grown from a simple script used on a
single site to a fully fledged image gallery used on thousands of sites
around the world."
BAD NEWS TOSE SIGHTS ARE ALSO NOW AL HACKED
In the singapore folder you are browsing on a website, go to:
folder/data/adminusers.csv
Hello password files, with my 3.2 ghz extreme p4 i can crack you in miutes
of time/.(md5 hash = lol )
This exploit can be fixed by putting access restrictions on the
adminusers.csv file, something that almost nobody has done. The software
does NOT do it on its own.
google has a nice list of the sitez which are now under hacker control:
http://www.google.com./search?hl=en&ie=UTF-8&q=%22Powered+by+singapore%22
other search sites i enjoy like dogpile find more.
What is importnat here is not the IMAGES getting hacked nobody cares about
htat, lots of admins use the same pass of singapore on the FTP server or
website ADMIN. try the passwords there and this site is now taken over from
illegal hacking.
Thanksyou for your time this exploit is the first from my group known on the
internet and lunix channels as www.wehack.com
~`TOBY`~
_________________________________________________________________
Watch the online reality show Mixed Messages with a friend and enter to win
a trip to NY
http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/01/