NewsScript Access Validation Vulnerability
BID:12761
Info
NewsScript Access Validation Vulnerability
| Bugtraq ID: | 12761 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2005 12:00AM |
| Updated: | Mar 08 2005 12:00AM |
| Credit: | Discovery is credited to <[email protected]>. |
| Vulnerable: |
NewsScript.co.uk NewsScript |
| Not Vulnerable: | |
Discussion
NewsScript Access Validation Vulnerability
NewsScript is reported prone to an access validation vulnerability. This issue may allow an unauthorized attacker to add, modify and delete messages.
It is reported that an attacker can exploit this issue by issuing a specially crafted HTTP GET request for the 'newsscript.pl' script to bypass access checks and carry out administrative tasks.
NewsScript is reported prone to an access validation vulnerability. This issue may allow an unauthorized attacker to add, modify and delete messages.
It is reported that an attacker can exploit this issue by issuing a specially crafted HTTP GET request for the 'newsscript.pl' script to bypass access checks and carry out administrative tasks.
Exploit / POC
NewsScript Access Validation Vulnerability
An exploit is not required.
The following proof of concept is available:
www.example.com/newsscript.pl?mode=admin
An exploit is not required.
The following proof of concept is available:
www.example.com/newsscript.pl?mode=admin
Solution / Fix
NewsScript Access Validation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.