[UNIX] TowerBlog Administrative Authentication Bypassing
From: SecuriTeam (support_at_securiteam.com)
Date: 04/12/05
To: list@securiteam.com Date: 12 Apr 2005 15:39:02 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
TowerBlog Administrative Authentication Bypassing
------------------------------------------------------------------------
SUMMARY
<http://tower.hybryd.org/?x=home> TowerBlog is, in short, a "single user
web-log (or web journal if you will) content management system, aka CMS".
Because the application accepts a client-supplied cookie as proof of login,
a remote attacker can make TowerBlog treat his request as coming from the
administrator and obtain administrative privileges over the blog without
knowing the administrator's username or password.
DETAILS
Vulnerable Systems:
* TowerBlog version 0.6 and prior
Any request to the TowerBlog system that carries a cookie named
TowerBlog_LoggedIn with the value 1 is treated as coming from an
authenticated administrator. A remote user who sets this cookie himself
therefore impersonates the administrator of the blog without supplying any
credentials.
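The following is an added example, not TowerBlog's own source (which is not
reproduced in this advisory). It reconstructs the class of bug described
above, a privilege flag stored in a client-controlled cookie, next to the
usual fix: a random session token whose meaning lives only in a server-side
table. The cookie name TowerBlog_Session, the hour-long session lifetime,
the single "admin" account and its password hash are all assumptions made
for the example.

```python
"""Client-trusted login flag (as described in the advisory) versus a
server-side session. Added example code; not from TowerBlog."""
import hashlib
import hmac
import secrets
import time

ADMIN_USER = "admin"      # assumption: TowerBlog is single-user
SESSION_TTL = 3600        # assumption: sessions live one hour

# Constructed credential store for the example: PBKDF2 hash of a test
# password. Real deployments load this from storage, never from source.
_SALT = b"example-salt-not-towerblog"


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


_ADMIN_HASH = _hash_password("correct horse")


def check_password(username: str, password: str) -> bool:
    """Constant-time comparison so a wrong guess reveals nothing by timing."""
    return username == ADMIN_USER and hmac.compare_digest(
        _hash_password(password), _ADMIN_HASH
    )


# --- vulnerable pattern: the advisory's TowerBlog_LoggedIn=1 ---------------
def is_admin_vulnerable(cookies: dict) -> bool:
    """Trusts a flag the client sets itself. Anyone who sends the header
    'Cookie: TowerBlog_LoggedIn=1' is treated as the administrator."""
    return cookies.get("TowerBlog_LoggedIn") == "1"


# --- hardened pattern: opaque token, state kept on the server --------------
class SessionStore:
    """Maps unguessable random tokens to (username, expiry). The cookie
    carries only the token; the privilege decision is made server-side."""

    def __init__(self):
        self._sessions = {}

    def login(self, username: str, password: str, now=None):
        """Returns a fresh session token on success, None otherwise."""
        if not check_password(username, password):
            return None
        token = secrets.token_urlsafe(32)          # 256 bits of entropy
        expiry = (now if now is not None else time.time()) + SESSION_TTL
        self._sessions[token] = (username, expiry)
        return token

    def user_for(self, token, now=None):
        """Resolves a token to a username, or None if unknown or expired."""
        entry = self._sessions.get(token) if token else None
        if entry is None:
            return None
        username, expiry = entry
        if (now if now is not None else time.time()) > expiry:
            del self._sessions[token]              # expired: forget it
            return None
        return username


def is_admin_hardened(cookies: dict, store: SessionStore, now=None) -> bool:
    # Assumed cookie name; the value is meaningless without the server table.
    return store.user_for(cookies.get("TowerBlog_Session"), now) == ADMIN_USER


def demo():
    """Runs the forged cookie against both checks and a real login against
    the hardened one; returns the outcomes so they can be asserted on."""
    forged = {"TowerBlog_LoggedIn": "1"}          # the advisory's cookie
    store = SessionStore()
    token = store.login(ADMIN_USER, "correct horse")
    genuine = {"TowerBlog_Session": token}
    return {
        "forged_vs_vulnerable": is_admin_vulnerable(forged),   # bypass
        "forged_vs_hardened": is_admin_hardened(forged, store),
        "guessed_token": is_admin_hardened({"TowerBlog_Session": "1"}, store),
        "genuine_vs_hardened": is_admin_hardened(genuine, store),
        "genuine_after_expiry": is_admin_hardened(
            genuine, store, now=time.time() + SESSION_TTL + 1
        ),
        "bad_password_login": store.login(ADMIN_USER, "wrong") is None,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

To check a live installation for the bug the advisory describes, request
the blog's administrative page with the header `Cookie: TowerBlog_LoggedIn=1`
and see whether administrative functions are served; the hardened version
above ignores that cookie entirely, because the only thing a client can
present is a token the server itself issued after a password check.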
Vendor Status:
The vendor has been informed. As of this writing he does not plan to fix
the problem, having lost interest in continuing development of the product.
ADDITIONAL INFORMATION
The information has been provided by <mailto:noamr@beyondsecurity.com>
Noam Rathaus.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.