SecurityTracker.com
SecurityTracker Archives

Category:   Application (Web Server/CGI)  >   Advanced Poll
Vendors:   Chi Kien Uong
Advanced Poll PHP-based Voting/Polling Software Gives Remote Users Administrative Access to the Application
SecurityTracker Alert ID:  1002516
SecurityTracker URL:  http://securitytracker.com/id/1002516
CVE Reference:   CVE-2001-1423
Updated:  May 22 2009
Original Entry Date:  Oct 10 2001
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 1.6; possibly earlier versions
Description:   A vulnerability was reported in Advanced Poll, a PHP-based voting/polling system. When the application is configured to use a flat file database, it allows a remote user to gain administrative privileges within the application.

It is reported that when a flat file database is used, a remote user can obtain administrative access to the application by supplying the administrative username as the value of the logged_in parameter in a query string, as follows:

&logged_in=usernamehere
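The bug class behind this advisory is authentication state that can be set from request data. The snippet below is an added illustration written for this page; it is not Advanced Poll's code and the advisory does not say how the flat-file build tracked login state. It assumes, as a hypothetical reconstruction, that a script-level variable named $logged_in was populated from the query string (the behaviour of PHP's register_globals, which was on by default in PHP 4) and compared against the administrative username. Beside it is the hardened pattern: login state lives only in the server-side session and is written solely after a password check, so a request parameter can never create it.

```php
<?php
// Added illustration of the bug class in the advisory; not Advanced Poll's code.
// Assumption: the vulnerable build trusted a variable named $logged_in that
// register_globals populated from the query string (hypothetical reconstruction).

// --- Vulnerable pattern ---
// extract() stands in for register_globals: every request parameter becomes a
// local variable, so ?logged_in=<admin name> sets $logged_in before the check.
function isAdminVulnerable(array $requestVars, string $adminUser): bool
{
    extract($requestVars);                        // attacker-controlled names become variables
    return isset($logged_in) && $logged_in === $adminUser;
}

// --- Hardened pattern ---
// $users maps usernames to password_hash() digests. The session entry is created
// only when the supplied password verifies; request data never reaches it.
function login(array $session, string $user, string $pass, array $users): array
{
    if (isset($users[$user]) && password_verify($pass, $users[$user])) {
        $session['logged_in'] = $user;            // set only on verified credentials
    }
    return $session;
}

function isAdminHardened(array $session, string $adminUser): bool
{
    // Only server-side session state is consulted; $_GET/$_POST are irrelevant here.
    return isset($session['logged_in']) && $session['logged_in'] === $adminUser;
}

// Constructed demonstration values (not from the advisory).
$adminUser = 'admin';
$users     = ['admin' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
$forgedGet = ['logged_in' => 'admin'];            // what the query string would inject

// The forged parameter alone satisfies the vulnerable check.
var_dump(isAdminVulnerable($forgedGet, $adminUser));

// With the hardened pattern the request parameter never touches the session,
// so an empty session stays unauthenticated regardless of the query string.
var_dump(isAdminHardened([], $adminUser));

// A wrong password leaves the session unauthenticated...
$session = login([], 'admin', 'wrong-password', $users);
var_dump(isAdminHardened($session, $adminUser));

// ...and only a verified password produces an administrative session.
$session = login([], 'admin', 'constructed-demo-password', $users);
var_dump(isAdminHardened($session, $adminUser));
```

Run with php on the command line: the first var_dump is true (the request parameter alone passes the vulnerable check), the second and third are false, and only the last, after a verified password, is true. The fix that matters for this class of bug is the second half: keep authentication state in $_SESSION (or an equivalent server-side store), never in a variable a client can name, and disable register_globals where it still exists.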

Impact:   A remote user can gain administrative access to the application.
Solution:   The vendor has released a fixed version (1.61). It is available from the Vendor URL.
Vendor URL:  www.proxy2.de/
Cause:   Authentication error
Underlying OS:  Windows (Any)
Underlying OS Comments:  Application is PHP code that can run on many operating systems.

Message History:   None.


Source Message Contents

Subject:  Advanced Poll Script



Advanced Poll is a polling system written in PHP by http://www.proxy2.de,
versions older than 1.61 and that use the flat file DB version are
vulnerable to unauthorized remote administration. Contacted vendor and this hole has
been fixed in 1.61.

Remote access to the administration can be gained by supplying the
administrative username in the query string:

&logged_in=usernamehere

Derek Comartin
derek@web-solve.net
Copyright 2021, SecurityGlobal.net LLC