Hogstorps Guestbook Unauthorized Access Vulnerability
BID:18205
CVE-2006-2771 |Info
Hogstorps Guestbook Unauthorized Access Vulnerability
| Bugtraq ID: | 18205 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2006 12:00AM |
| Updated: | Jun 01 2006 09:22PM |
| Credit: | omnipresent is credited with the discovery of this vulnerability. |
| Vulnerable: |
Hogstorps guestbook 2.0 |
| Not Vulnerable: | |
Discussion
Hogstorps Guestbook Unauthorized Access Vulnerability
Hogstorps guestbook is prone to an access-authorization vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials.
An attacker can exploit this issue to delete and modify application data. This could aid in further attacks on the affected computer.
Version 2.0 is vulnerable; other versions may also be affected.
Hogstorps guestbook is prone to an access-authorization vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials.
An attacker can exploit this issue to delete and modify application data. This could aid in further attacks on the affected computer.
Version 2.0 is vulnerable; other versions may also be affected.
Exploit / POC
Hogstorps Guestbook Unauthorized Access Vulnerability
This issue can be exploited through a web client.
An example URI has been provided:
This issue can be exploited through a web client.
An example URI has been provided:
Solution / Fix
Hogstorps Guestbook Unauthorized Access Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Hogstorps Guestbook Unauthorized Access Vulnerability
References:
References: