Allmanage.pl Admin Password vulnerability (15 may 2000) Another allmanage.pl vulnerability (see also allmanage.pl.txt) Everybody can easily get the admin password from the allmanage directory. You are able to set/change lots of variables, add accounts, mail users, backup, restore, edit header/footer code etc.. It's really easy to get: -Find were allmanage.pl is located and change allmanage.pl with K . For example: allmanage/allmanage.pl will become allmanage/k . This file contains the admin password, not encrypted. -Go to allmanage_admin.pl instead of allmanage.pl and login. You can use admin as loginname. -Now you're in the main admin panel. N.B. loginname is not always admin, but in most of the cases it is. I tried this on 8 sites using allmanage.pl. 6 of them were vulnerable. Other interresting files to request: adp : Admin information and encrypted password userfile.dat : All user information they entered requesting their account. (N.B. not always there) settings.cfg : Config file, you can get the same information out of the admin panel. This may also work on the version without the upload ability. Bighawk, bighawk@warfare.com