Allmanage.pl Admin Password vulnerability (15 may 2000)

Another allmanage.pl vulnerability (see also allmanage.pl.txt)
 
Everybody can easily get the admin password from the allmanage directory. You are able to 
set/change lots of variables, add accounts, mail users, backup, restore, edit header/footer code
etc..

It's really easy to get:

-Find were allmanage.pl is located and change allmanage.pl with K . For example: 
 allmanage/allmanage.pl will become allmanage/k . This file contains the admin password, not 
 encrypted.
-Go to allmanage_admin.pl instead of allmanage.pl and login. You can use admin as loginname.
-Now you're in the main admin panel.
 N.B. loginname is not always admin, but in most of the cases it is.

I tried this on 8 sites using allmanage.pl. 6 of them were vulnerable.

Other interresting files to request:

adp : Admin information and encrypted password
userfile.dat : All user information they entered requesting their account. (N.B. not always there)
settings.cfg : Config file, you can get the same information out of the admin panel.

This may also work on the version without the upload ability.

Bighawk, bighawk@warfare.com