Nukedit Register.ASP Unauthorized Access Vulnerability
BID:18157
CVE-2006-2737
| Bugtraq ID: | 18157 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2006 12:00AM |
| Updated: | May 30 2006 10:07PM |
| Credit: | FarhadKey of KAPDA is credited with the discovery of this vulnerability. |
| Vulnerable: | nukedit nukedit 4.9.6 |
| Not Vulnerable: | |
Discussion
The nukedit application is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly validate credentials before granting access to sensitive scripts.
An attacker can exploit this issue to create an administrative account, ultimately gaining administrative access.
This issue affects version 4.9.6; earlier versions may also be vulnerable.
Exploit / POC
This issue can be exploited through a web client.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- [KAPDA::#46] - Nukedit Unauthorized Admin Add (KAPDA)
- Nukedit Homepage (Nukedit)
- Proof Of Concept (KAPDA)