<<< Date Index >>>     <<< Thread Index >>>

Singapore password file exploit



June 13 2004

There is a vulnerability in the software package of Singapore.
Say hello to theyr website: http://singapore.sourceforge.net/
This effects every version thye have made.

QUOTE OF THEIR DAY: (a while ago)_

"It is now a little over a year since singapore was first released on SourceForge.net. In that time it has grown from a simple script used on a single site to a fully fledged image gallery used on thousands of sites around the world."

BAD NEWS TOSE SIGHTS ARE ALSO NOW AL HACKED

In the singapore folder you are browsing on a website, go to: folder/data/adminusers.csv

Hello password files, with my 3.2 ghz extreme p4 i can crack you in miutes of time/.(md5 hash = lol )

This exploit can be fixed by putting access restrictions on the adminusers.csv file, something that almost nobody has done. The software does NOT do it on its own.

google has a nice list of the sitez which are now under hacker control:

http://www.google.com./search?hl=en&ie=UTF-8&q=%22Powered+by+singapore%22

other search sites i enjoy like dogpile find more.

What is importnat here is not the IMAGES getting hacked nobody cares about htat, lots of admins use the same pass of singapore on the FTP server or website ADMIN. try the passwords there and this site is now taken over from illegal hacking.

Thanksyou for your time this exploit is the first from my group known on the internet and lunix channels as www.wehack.com

~`TOBY`~

_________________________________________________________________
Watch the online reality show Mixed Messages with a friend and enter to win a trip to NY http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/01/