SecurityTracker.com
SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   ACS Blog
Vendors:   ASPPress.com
ACS Blog Authentication Flaw in 'inc_login_check.asp' Lets Remote User Gain Administrative Access
SecurityTracker Alert ID:  1013795
SecurityTracker URL:  http://securitytracker.com/id/1013795
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 25 2005
Impact:   User access via network
Exploit Included:  Yes  
Version(s): 1.1.3 and prior versions
Description:   An authentication vulnerability was reported in ACS Blog. A remote user can gain administrative privileges on the application.

The 'inc_login_check.asp' script grants administrative privileges whenever the request carries a cookie with the configured name (default 'ACSBlog12345') whose value is 'in'. Because that cookie is entirely client-controlled and the script checks nothing else, a remote user can send 'ACSBlog12345=in' in the Cookie header of any request and obtain administrative privileges without supplying a password.

farhad koosha reported this vulnerability.

Impact:   A remote user can gain administrative privileges on the application.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.asppress.com/
Cause:   Authentication error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  ACSblog bug




*/ WWW.BAHADORLOVER.COM \*

ACSblog:
An ASP weblog with manageable code blocks and a logical structure that make it easy for the novice to get into the code and customize it to
your site. Full-featured enough for expert bloggers.

vendor: www.asppress.com

Where is the bug?

inc_login_check.asp 

<%
' cookiename is the configured cookie name (default "ACSBlog12345").
' Admin rights depend only on the value of that cookie, which the client sets.
if request.cookies(cookiename)="in" then
ihaveadminright=true
else
ihaveadminright=false
end if
%>

---------------

The default cookiename is "ACSBlog12345", and you can create the cookie in the browser or send it as an HTTP header -> ACSBlog12345=in

---------------

vulnerable versions:
0.8
1.0
1.0.1
1.0.2
1.0.3
1.1
1.1.2
1.1.3
Commercial Version

3NITRO : www.bahadorlover.com
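The check quoted in the message above, the cookie-forging step it describes, and the fix a maintainer would apply, modelled in Python as an added example. This is not ACS Blog's code (the original is classic ASP/VBScript) and not the reporter's: only the cookie name ACSBlog12345 and the value in come from the advisory; the hostname, admin path, user names, passwords, and the SessionStore class are assumptions for illustration. The hardened variant shows the standard remedy: keep the privilege flag in server-side session state keyed by an unguessable session id, so the cookie the client sends proves nothing on its own.

```python
"""Added example, not ACS Blog's own code.

Models the inc_login_check.asp flaw (admin if cookie ACSBlog12345 == "in")
and a server-side session fix. Only the cookie name and value come from
the advisory; the hostname, path, credentials and class names are
assumptions for illustration.
"""
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "ACSBlog12345"   # the default cookiename from the advisory


def parse_cookie_header(header):
    """Parse a raw 'Cookie:' request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def vulnerable_has_admin_right(cookie_header):
    """Mirror of the ASP check: admin iff request.cookies(cookiename) = "in".
    The value is chosen by the client, so any visitor can satisfy it."""
    return parse_cookie_header(cookie_header).get(COOKIE_NAME) == "in"


def forged_request(host, path="/admin/default.asp"):
    """Raw HTTP request an attacker would send (constructed sample; the
    admin path is assumed, not taken from the advisory)."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: {COOKIE_NAME}=in\r\n"
        "Connection: close\r\n\r\n"
    ).encode()


def hash_password(password, salt):
    """Salted PBKDF2 so the server never stores or compares plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SessionStore:
    """Hardened replacement for the cookie check (assumed design).

    The cookie carries only an unguessable opaque session id; the admin
    flag lives server-side and is set solely after a password check (the
    classic-ASP equivalent is Session("admin") = True after login).
    """

    def __init__(self, credentials):
        # credentials: username -> (salt, pbkdf2 hash); constructed for the demo
        self._credentials = credentials
        self._sessions = {}  # session id -> {"user": ..., "admin": ...}

    def login(self, username, password):
        """Return a new session id on success, None on failure."""
        entry = self._credentials.get(username)
        if entry is None:
            return None
        salt, expected = entry
        if not hmac.compare_digest(expected, hash_password(password, salt)):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": username, "admin": True}
        return sid

    def has_admin_right(self, cookie_header):
        """Admin only if the cookie names a live session that was granted it."""
        sid = parse_cookie_header(cookie_header).get(COOKIE_NAME)
        session = self._sessions.get(sid) if sid else None
        return bool(session and session["admin"])


def demo():
    """Forged cookie beats the original check but not the session store."""
    forged = f"{COOKIE_NAME}=in"
    salt = secrets.token_bytes(16)
    store = SessionStore({"admin": (salt, hash_password("correct horse", salt))})
    sid = store.login("admin", "correct horse")
    return {
        "vulnerable_forged": vulnerable_has_admin_right(forged),         # True
        "hardened_forged": store.has_admin_right(forged),                # False
        "hardened_real": store.has_admin_right(f"{COOKIE_NAME}={sid}"),  # True
        "wrong_password": store.login("admin", "wrong") is None,         # True
    }


if __name__ == "__main__":
    print(demo())
```

Running the block prints the four outcomes: the bare "in" cookie passes the mirrored ASP check and fails the session store, while a session id issued after a real login passes it. The point of the design is that the server never trusts a privilege claim carried in the cookie; it trusts only state it created itself after verifying a credential.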


 
 








Copyright 2021, SecurityGlobal.net LLC