SecurityTracker.com
Category:   Application (News)  >   Web Wiz Site News
Vendors:   Web Wiz Guide
Web Wiz Site News Discloses Administrator Password to Remote Users
SecurityTracker Alert ID:  1006574
SecurityTracker URL:  http://securitytracker.com/id/1006574
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 14 2003
Impact:   Disclosure of authentication information, User access via network
Exploit Included:  Yes  
Version(s): 3.06
Description:   A vulnerability was reported in Web Wiz Site News. A remote user can retrieve the administrator's password.

Black Tigerz Research Group reported that the software stores the administrator's password without encryption in an MS Access database that can be downloaded by a remote user. A demonstration exploit URL is provided:

http://[target]/news/news.mdb

Impact:   A remote user can obtain the administrator's password and gain administrative access to the application.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.webwizguide.info/asp/sample_scripts/site_news_script.asp
Cause:   Access control error
Underlying OS:  Windows (Any)
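
A defender-side check for the condition described above, as an added example that is not part of the advisory or the vendor's code: it walks a local copy of the web root and lists the URL paths at which MS Access database files sit, recognising them by the Jet/ACE header signature as well as by extension. The sample tree, the `backup.bak` file name and the function names are constructed for illustration, and the check assumes the web server serves files under the document root statically.

```python
import os

# Jet/ACE database files carry a fixed signature at byte offset 4,
# so they can be recognised even when renamed away from .mdb.
JET_SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")

def is_access_database(path):
    """Return True if the file header matches an MS Access (Jet/ACE) database."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(32)
    except OSError:
        return False
    return any(header[4:4 + len(sig)] == sig for sig in JET_SIGNATURES)

def find_exposed_databases(docroot):
    """Walk docroot and return the URL paths at which Access databases sit."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith((".mdb", ".accdb")) or is_access_database(full):
                rel = os.path.relpath(full, docroot)
                exposed.append("/" + rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_docroot(root):
    """Constructed sample tree (not from the advisory) for demonstration."""
    os.makedirs(os.path.join(root, "news"), exist_ok=True)
    jet_header = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 44
    with open(os.path.join(root, "news", "news.mdb"), "wb") as fh:
        fh.write(jet_header)
    with open(os.path.join(root, "news", "backup.bak"), "wb") as fh:
        fh.write(jet_header)  # renamed copy, caught by signature only
    with open(os.path.join(root, "news", "default.asp"), "w") as fh:
        fh.write("<% Response.Write \"news\" %>")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        for url_path in find_exposed_databases(tmp):
            print("database inside web root:", url_path)
```

Any path it reports is a data file stored where the web server can hand it out, which is the access control error this entry describes.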

Message History:   None.


 Source Message Contents

Subject:  Web Wiz Site News release v3.06 administration access.


Date:
14.04.2003

Description:
Free ASP news management system. Includes simple integration,
short news item with link to full story, insert images, links,
text formatting, user comments (optional) with email notification,
anti-spam settings, and more.

Vendor:
Web Wiz Guide
http://www.webwizguide.info/

Vulnerability:
Administrator's password is not encrypted. It is
placed in MS Access database. An attacker may download
it and gain administrator's privileges.
Example: http://www.target.com/news/news.mdb


Black Tigerz Research Group
We are: Areus, Barracuda, n1Tr0f4n, Velzevol, n3ch, drG4njubas.
Please visit our website: http://www.blacktigerz.org  

 
 

