Siteman User Database Privilege Escalation Vulnerability
BID:12304
Info
Siteman User Database Privilege Escalation Vulnerability
| Bugtraq ID: | 12304 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2005 12:00AM |
| Updated: | Jan 19 2005 12:00AM |
| Credit: | Discovery is credited to amironline452 <[email protected]>. |
| Vulnerable: |
Siteman Siteman 1.1.10 Siteman Siteman 1.1.9 |
| Not Vulnerable: | |
Discussion
Siteman User Database Privilege Escalation Vulnerability
Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data.
Apparently, an attacker can supply additional lines to the stream used to write to the user database file through a URI parameter. This can allow the attacker to corrupt the user database file and potentially gain administrative privileges to the Siteman application.
Siteman 1.1.10 and prior versions are affected by this vulnerability.
Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data.
Apparently, an attacker can supply additional lines to the stream used to write to the user database file through a URI parameter. This can allow the attacker to corrupt the user database file and potentially gain administrative privileges to the Siteman application.
Siteman 1.1.10 and prior versions are affected by this vulnerability.
Exploit / POC
Siteman User Database Privilege Escalation Vulnerability
An exploit is not required.
The following proof of concepts are available:
An exploit is not required.
The following proof of concepts are available:
Solution / Fix
Siteman User Database Privilege Escalation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Siteman User Database Privilege Escalation Vulnerability
References:
References:
- Siteman Homepage (Siteman)
- Siteman User Database Line Insertion Vulnerability (Securiteam)
- God Admin Injection Vulnerability in Siteman 1.0.x (Pedram hayati