[Full-disclosure] RadBids Gold, RadLance Gold, RadNics Gold auction products: Admin bypass vulnerability
- From: "Duke" <vuln.invent@xxxxxxxxx>
- Date: Mon, 24 Jul 2006 14:03:34 +0700
Products: RadBids Gold, RadLance Gold, RadNics Gold auction products
VULNERABILITY CLASS: Admin login bypass
RadBids was designed to give you all the tools needed to rapidly deploy an ebay style auction web site solution. Our php
auction software is simple to deploy and easy to manage. From a web-based administrative panel one can manage all aspects of
the auction software including categories, users, financial transactions and every aspect of the auction software with a few
clicks of the mouse.
An attacker can exploit RadScripts Auction Software admin login by entering the direct URL to admin scripts.
This can be used to overwrite any file on the server which has write permissions on it.
For example, to upload one's own PHP web shell.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
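The defect class described in the advisory is an admin script that does its work when reached by direct URL, without ever verifying an authenticated admin session. Below is an added, constructed illustration (not code from the RadScripts products or from the original post) showing that pattern beside a hardened version; the session key `admin_id`, the login page path `/admin/login.php`, the `templates/` destination directory and the form field `f` are all assumptions.

```php
<?php
// Constructed example, not RadScripts code.
//
// VULNERABLE pattern (kept as a comment): the script trusts that only admins know its URL.
// Anyone who requests /admin/upload.php directly can write a file anywhere PHP can write.
//
//   if (isset($_FILES['f'])) {
//       move_uploaded_file($_FILES['f']['tmp_name'], $_POST['dest'] . '/' . $_FILES['f']['name']);
//   }

declare(strict_types=1);

// HARDENED: every script under /admin/ calls this before doing anything else.
// Assumed: $_SESSION['admin_id'] is set only by a successful login in /admin/login.php.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['admin_id'])) {
        // Direct URL access without an authenticated admin session: refuse and send to login.
        header('Location: /admin/login.php', true, 302);
        exit;
    }
}

require_admin();   // must be the first statement that can have side effects

if (isset($_FILES['f']) && $_FILES['f']['error'] === UPLOAD_ERR_OK) {
    // Never take a destination path from the request; pin it to one directory.
    $destDir = __DIR__ . '/../templates';

    // Strip any directory component and allow only a conservative name and extension
    // (assumed allow-list), so the upload cannot become a .php file or escape $destDir.
    $name = basename($_FILES['f']['name']);
    if (!preg_match('/^[A-Za-z0-9_.-]{1,64}\.(tpl|html)$/', $name)) {
        http_response_code(400);
        exit('rejected file name');
    }

    if (!move_uploaded_file($_FILES['f']['tmp_name'], $destDir . '/' . $name)) {
        http_response_code(500);
        exit('upload failed');
    }
    echo 'stored ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}
```

A web-server rule that denies direct requests to everything under /admin/ except the login script gives a second layer in case one script forgets the guard.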