SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   Poster Vendors:   Benzinger, Brian
Poster Setup Script Lets Remote Users Access Administrative Functions
SecurityTracker Alert ID:  1007508
SecurityTracker URL:  http://securitytracker.com/id/1007508
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 15 2003
Impact:   User access via network
Exploit Included:  Yes  
Version(s): 2.0
Description:   A vulnerability was reported in Poster. A remote user can access administrative functions.

It is reported that a remote user can access the setup script (even after the application has been setup) to add user accounts. A demonstration exploit URL is provided:

http://[target]/poster/?go=setup_submit&un=DarkKnight&pw=123456&em=EMAIL&submit=submit

It is reported that a remote user can perform all administrator functions, such as deleting accounts, modifying or posting news, and viewing user passwords.

Fusen and DarkKnight reported this flaw.

The vendor has reportedly been notified.

Impact:   A remote user can gain access to administrative functions.
Solution:   No solution was available at the time of this entry.
Vendor URL:  x.faction.nu/scripts.php?file=poster (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Poster.Version:Two Setup Vulnerability




Author: DarkKnight
My site: http://www.insecureonline.com
Product: Poster.version:two
Side Note: This is my first post ever on bugtraq, so bear with me. 
Vendors: Contacted

A vulnerability exists within Poster.version:two that allows a remote 
attacker to add accounts to a Poster.version:two. The vulnerability 
exists within Poster's setup. The setup doesn't lock itself after it is 
ran, so the setup is still active and usable. A sample is listed below

http://www.website.com/poster/?
go=setup_submit&un=DarkKnight&pw=123456&em=EMAIL&submit=submit

The above link would add the user "DarkKnight" with the password "123456" 
and the email "EMAIL" to the list of users for the Poster script. The 
user has complete admin access to Poster and will be able to delete 
accounts, modify news, post news, change the formation of the news, and 
steal the password of the users who use Poster, which may be the password 
to their email or website.

The two people who deserve credit for this vulnerability are: Fusen and 
DarkKnight [me :)]

Want great hosting? Get it at http://www.onlinehoster.com

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC