Advanced Poll PHP-based Voting/Polling Software Gives Remote Users Administrative Access to the Application

SecurityTracker Alert ID: 1002516
SecurityTracker URL: http://securitytracker.com/id/1002516
CVE Reference: CVE-2001-1423
Updated: May 22 2009
Original Entry Date: Oct 10 2001
Impact: User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 1.6; possibly earlier versions
Description:
A vulnerability was reported in Advanced Poll, a PHP-based voting/polling system. In a certain configuration, it allows a remote user to gain administrative privileges within the application.

It is reported that when a flat file database is used, a remote user can obtain administrative access to the application by supplying the administrative username in the query string, as follows:

&logged_in=usernamehere

Impact:
A remote user can gain administrative access to the application.

Solution:
The vendor has released a fixed version (1.61). It is available from the Vendor URL.

Vendor URL: www.proxy2.de/

Cause:
Authentication error

Underlying OS: Windows (Any)

Underlying OS Comments: Application is PHP code that can run on many operating systems.

Message History:
None.
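As an added illustration (not Advanced Poll's own code; the page does not show the actual code path), the assumed cause is the classic PHP flaw in which a request parameter silently overwrites a variable that the script treats as proof of login, shown beside a session-based check that never consults request input. All function and variable names are hypothetical, and the credential store is constructed for the example.

```php
<?php
// Vulnerable pattern (assumed, not Advanced Poll's own code): with PHP's
// register_globals enabled, every request parameter becomes a variable, so a
// request carrying logged_in=admin pre-sets $logged_in before any check runs.
// $request stands in for $_GET; extract() reproduces that behaviour locally.
function is_admin_vulnerable(array $request): bool
{
    extract($request);                               // creates $logged_in from the URL
    return isset($logged_in) && $logged_in !== '';   // no credential is ever checked
}

// Hardened pattern: the login marker lives only in the server-side session,
// which the client cannot write to, and is set only after a credential check.
// $session stands in for $_SESSION.
function login(string $user, string $password, array &$session): bool
{
    // Constructed sample store; in practice the hash is loaded from storage.
    $admins = ['admin' => password_hash('example-passphrase', PASSWORD_DEFAULT)];
    if (isset($admins[$user]) && password_verify($password, $admins[$user])) {
        $session = ['admin_logged_in' => true, 'admin_user' => $user];
        return true;
    }
    return false;
}

function is_admin_hardened(array $session): bool
{
    return ($session['admin_logged_in'] ?? false) === true;
}

// Constructed request resembling the advisory's query string, with no password.
$request = ['logged_in' => 'admin'];
$session = [];

var_dump(is_admin_vulnerable($request));   // vulnerable check trusts the URL parameter
var_dump(is_admin_hardened($session));     // hardened check before any login
login('admin', 'wrong-passphrase', $session);
var_dump(is_admin_hardened($session));     // hardened check after a failed login
login('admin', 'example-passphrase', $session);
var_dump(is_admin_hardened($session));     // hardened check after a real credential check
```

Disabling register_globals (or auditing for any variable that can be seeded from the request) removes the whole class of bug; keying admin access off a server-side session value set only after password verification is the fix the hardened functions show.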
Source Message Contents

Subject: Advanced Poll Script

Advanced Poll is a polling system written in PHP by http://www.proxy2.de;
versions older than 1.61 that use the flat file DB version are
vulnerable to unauthorized remote administration. Contacted vendor and this hole has
been fixed in 1.61.
Remote access to the administration can be gained by supplying the
administrative username in the query string:
&logged_in=usernamehere

Derek Comartin
derek@web-solve.net