SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   DUclassmate Vendors:   DUware
DUclassmate Authentication Flaw Lets Remote Users Change the Passwords of Other Users
SecurityTracker Alert ID:  1011597
SecurityTracker URL:  http://securitytracker.com/id/1011597
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 11 2004
Impact:   Modification of authentication information, User access via network
Exploit Included:  Yes  

Description:   Soroush Dalili reported a vulnerability in DUclassmate. A remote user can change a target user's password.

It is reported that the 'account.asp' script does not authenticate user-supplied password change requests. A remote user can modify the value for the 'MM-recordId' parameter on the 'My Account' page and submit the modified value to change the password associated with an arbitrary user ID. Then, the remote user can access the account.

Impact:   A remote user can change the password of another user to an arbitrary value.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.duware.com/products/detail.asp?iPro=34&iCat=9&nCat=Ad%20Management (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  DUclassmate: you can change others passwords


DUclassmate is a free Classmates Listing & Friends Search Web
application. Backend by Access database, DUclassmate can store
unlimited number of alumni organized within states, cities and
schools. Each entry is displayed with with old and new names,
address, bio. and more. 
Vendor Url: www.DUware.com

Problem:
you can change "My Account" page to change others passwords
Details:
you can find this line in source
<input type="hidden" name="MM_recordId" value="[Your ID Number]">
just change its value to every id that you want, then change form
action to "http:\\[url]\DUclassmate\account.asp"
now save your page! by this way you could change every id password
that you want!

Soroush Dalili
my web: http://www.grayhatz.com
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC