Bandwebsite Unauthorized Administrative Account Creation Vulnerability
BID:21625
Info
| Bugtraq ID: | 21625 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 16 2006 12:00AM |
| Updated: | Dec 18 2006 05:03PM |
| Credit: | H0tTurk- is credited with the discovery of this vulnerability. |
| Vulnerable: | Jelle de Vos Bandwebsite 1.5 |
| Not Vulnerable: | |
Discussion
Bandwebsite is prone to a vulnerability that may allow an unauthorized remote attacker to create an administrative account and to gain administrative access to an affected application.
Version 1.5 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
An attacker uses the affected application itself to exploit this issue.
The following exploit demonstrates this issue:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Bandwebsite Home Page (Jelle de Vos)