CGI Script Center News Update Password Changing Vulnerability
BID:1881
Info
CGI Script Center News Update Password Changing Vulnerability
| Bugtraq ID: | 1881 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 27 2000 12:00AM |
| Updated: | Oct 27 2000 12:00AM |
| Credit: | First posted to Bugtraq by Morpheus[bd] <[email protected]> on Oct 27, 2000. |
| Vulnerable: |
CGI Script Center News Update 1.1 |
| Not Vulnerable: | |
Discussion
CGI Script Center News Update Password Changing Vulnerability
News Update is a shareware CGI program written in Perl that allows website operators to easily place headlines on their website. It is offered by CGI Script Center.
In version 1.1, it is possible for an anonymous attacker to remotely gain administrative access to the system. This is due to a bug in the implementation of admin password changing. The script fails to properly compare the password entered by the user to the old password (to verify that the administrator is who is really changing the password) and as a result anyone can change the administration password. Once administrative access is gained a malicious attacker can place arbitrary headlines on the victim website.
News Update is a shareware CGI program written in Perl that allows website operators to easily place headlines on their website. It is offered by CGI Script Center.
In version 1.1, it is possible for an anonymous attacker to remotely gain administrative access to the system. This is due to a bug in the implementation of admin password changing. The script fails to properly compare the password entered by the user to the old password (to verify that the administrator is who is really changing the password) and as a result anyone can change the administration password. Once administrative access is gained a malicious attacker can place arbitrary headlines on the victim website.
Exploit / POC
CGI Script Center News Update Password Changing Vulnerability
The tarball linked to below contains the advisory and exploit code submitted to Bugtraq by Morpheus[bd] <[email protected]>.
The tarball linked to below contains the advisory and exploit code submitted to Bugtraq by Morpheus[bd] <[email protected]>.
Solution / Fix
CGI Script Center News Update Password Changing Vulnerability
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].