BugTraq
Back to list
|
Post reply
Poster.Version:Two Setup Vulnerability
Aug 15 2003 05:26AM
DarkKnight (mbuzz04 yahoo com)
Author: DarkKnight
My site: http://www.insecureonline.com
Product: Poster.version:two
Side Note: This is my first post ever on bugtraq, so bear with me.
Vendors: Contacted
A vulnerability exists within Poster.version:two that allows a remote
attacker to add accounts to a Poster.version:two. The vulnerability
exists within Poster's setup. The setup doesn't lock itself after it is
ran, so the setup is still active and usable. A sample is listed below
http://www.website.com/poster/?
go=setup_submit&un=DarkKnight&pw=123456&em=EMAIL&submit=submit
The above link would add the user "DarkKnight" with the password "123456"
and the email "EMAIL" to the list of users for the Poster script. The
user has complete admin access to Poster and will be able to delete
accounts, modify news, post news, change the formation of the news, and
steal the password of the users who use Poster, which may be the password
to their email or website.
The two people who deserve credit for this vulnerability are: Fusen and
DarkKnight [me :)]
Want great hosting? Get it at http://www.onlinehoster.com
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Author: DarkKnight
My site: http://www.insecureonline.com
Product: Poster.version:two
Side Note: This is my first post ever on bugtraq, so bear with me.
Vendors: Contacted
A vulnerability exists within Poster.version:two that allows a remote
attacker to add accounts to a Poster.version:two. The vulnerability
exists within Poster's setup. The setup doesn't lock itself after it is
ran, so the setup is still active and usable. A sample is listed below
http://www.website.com/poster/?
go=setup_submit&un=DarkKnight&pw=123456&em=EMAIL&submit=submit
The above link would add the user "DarkKnight" with the password "123456"
and the email "EMAIL" to the list of users for the Poster script. The
user has complete admin access to Poster and will be able to delete
accounts, modify news, post news, change the formation of the news, and
steal the password of the users who use Poster, which may be the password
to their email or website.
The two people who deserve credit for this vulnerability are: Fusen and
DarkKnight [me :)]
Want great hosting? Get it at http://www.onlinehoster.com
[ reply ]