Poster.Version:Two Setup Vulnerability

From: DarkKnight (mbuzz04at_private)
Date: Thu Aug 14 2003 - 22:26:38 PDT


    
    Author: DarkKnight
    My site: http://www.insecureonline.com
    Product: Poster.version:two
    Side Note: This is my first post ever on bugtraq, so bear with me. 
    Vendors: Contacted
    
    A vulnerability exists within Poster.version:two that allows a remote 
    attacker to add accounts to Poster.version:two. The vulnerability 
    exists within Poster's setup. The setup doesn't lock itself after it is 
    run, so the setup is still active and usable. A sample is listed below:
    
    http://www.website.com/poster/?go=setup_submit&un=DarkKnight&pw=123456&em=EMAIL&submit=submit
    
    The above link would add the user "DarkKnight" with the password "123456" 
    and the email "EMAIL" to the list of users for the Poster script. The 
    user has complete admin access to Poster and will be able to delete 
    accounts, modify news, post news, change the formation of the news, and 
    steal the password of the users who use Poster, which may be the password 
    to their email or website.
    
    The two people who deserve credit for this vulnerability are: Fusen and 
    DarkKnight [me :)]
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 15 2003 - 11:52:01 PDT
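
A defender-side check for the request pattern described in the post, added here as an example that is not part of the original message or of Poster itself: it scans web server access logs for requests whose `go` parameter is `setup_submit`. The Apache combined log format, the sample log lines and the function name `find_setup_submits` are assumptions made for illustration; the parameter names come from the sample URL in the post.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Aug/2003:09:12:01 -0700] "GET /poster/?go=news HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [15/Aug/2003:09:14:33 -0700] "GET /poster/?go=setup_submit&un=DarkKnight&pw=123456&em=EMAIL&submit=submit HTTP/1.1" 200 812 "-" "Mozilla/4.0"
198.51.100.7 - - [15/Aug/2003:09:15:02 -0700] "GET /poster/?go=%73etup_submit&un=second&pw=x&em=y&submit=submit HTTP/1.1" 404 210 "-" "Mozilla/4.0"
203.0.113.5 - - [15/Aug/2003:09:20:45 -0700] "GET /poster/?q=setup_submit HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_setup_submits(log_text):
    """Return one finding per request whose `go` parameter is setup_submit."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # parse_qs percent-decodes, so go=%73etup_submit is still caught.
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if "setup_submit" not in (v.lower() for v in params.get("go", [])):
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "username": params.get("un", [""])[0],
            # The password travels in the URL; report only that it was logged.
            "password_in_log": "pw" in params,
            # 2xx/3xx means the server answered the request, not proof of success.
            "served_ok": 200 <= status < 400,
        })
    return findings

if __name__ == "__main__":
    for finding in find_setup_submits(SAMPLE_LOG):
        print(finding)
```

Only query strings recorded in the access log are visible to this check; a hit with `served_ok` set is a reason to review the Poster user list and to treat the logged credentials as exposed.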