


Category:   Application (Forum/Board/Portal)  >   PortalApp
Vendors:   Iatek
Iatek PortalApp Access Control Bug Lets Remote Authenticated Users Gain Administrator Privileges on the Portal
SecurityTracker Alert ID:  1005541
SecurityTracker URL:
CVE Reference:   CVE-2002-1659
Updated:  Jun 3 2008
Original Entry Date:  Nov 5 2002
Impact:   Modification of user information, User access via network
Exploit Included:  Yes  
Version(s): 2.2
Description:   SilentScripter reported an access control vulnerability in Iatek's PortalApp. A remote authenticated user can obtain elevated privileges on the portal.

The software permits any authenticated user to set their own privileges on the portal via the 'user_profile.asp' script.

A demonstration exploit URL is provided (where the user_id values are 1 for member, 2 for moderator, 3 for Admin, and 4 for SuperAdmin):


[Editor's note: The vendor has been notified.]

Impact:   A remote authenticated user can obtain elevated privileges on the portal.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.
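
The access control error described above comes down to a profile handler that trusts a client-supplied privilege value. The following is an added example, not PortalApp or vendor code, of a server-side update routine that authorizes every submitted field; the function, field and exception names are hypothetical, and the level values follow the list given in this entry.

```python
# Added example: apply_profile_update, access_level and Forbidden are
# hypothetical names, not PortalApp identifiers.
MEMBER, MODERATOR, ADMIN, SUPERADMIN = 1, 2, 3, 4  # levels as listed in the entry

# Fields a user may change on their own profile. The privilege field is
# deliberately absent, so self-service requests can never set it.
SELF_EDITABLE = {"email", "display_name", "signature"}
PRIVILEGE_FIELD = "access_level"


class Forbidden(Exception):
    """Raised when the session is not authorized for the requested change."""


def apply_profile_update(session, target, form):
    """Return an updated copy of `target`, authorizing every submitted field.

    session: server-side session record {"user_id", "access_level"}
    target:  stored user record being edited
    form:    untrusted request parameters
    """
    is_self = session["user_id"] == target["user_id"]
    is_admin = session["access_level"] >= ADMIN
    if not (is_self or is_admin):
        raise Forbidden("cannot edit another user's profile")

    updated = dict(target)
    for field, value in form.items():
        if field in SELF_EDITABLE:
            updated[field] = value
        elif field == PRIVILEGE_FIELD:
            # Privilege changes require an admin session acting on someone
            # else's account, and the level is read from the session only.
            if not is_admin or is_self:
                raise Forbidden("privilege change not permitted")
            try:
                level = int(value)
            except (TypeError, ValueError):
                raise Forbidden("invalid privilege level")
            if level not in (MEMBER, MODERATOR, ADMIN, SUPERADMIN):
                raise Forbidden("invalid privilege level")
            # No granting above, or altering accounts above, the actor's level.
            if max(level, target[PRIVILEGE_FIELD]) > session["access_level"]:
                raise Forbidden("exceeds the actor's own level")
            updated[PRIVILEGE_FIELD] = level
        else:
            raise Forbidden(f"unexpected field: {field}")
    return updated
```

Rejecting unexpected fields outright, rather than silently dropping them, also gives the application a clear event to log when a request carries a privilege value it should not.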

 Source Message Contents

Subject:  PortalApp vulnerability

Description : A complete, easy-to-modify .asp portal system. With this
ASPapp portal you can manage users, content, links, forums, surveys,
classifieds, calendar, downloads, images, faq's, news, and more. Complete
asp vbscript source code and Access or SQL database included.

Exploit :

