FishyShoop Administrative Bypass Vulnerability
BID:21731
Info
| Bugtraq ID: | 21731 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 24 2006 12:00AM |
| Updated: | Jan 02 2007 06:06PM |
| Credit: | Discovery is credited to James Gray. |
| Vulnerable: | FishyShoop FishyShoop 0.930 beta |
| Not Vulnerable: | |
Discussion
FishyShoop is prone to a vulnerability that may let remote attackers gain administrative access to the program.
The application does not sufficiently validate user-supplied POST data, allowing an attacker to elevate their access level within the application. A successful attack will compromise the web application.
This issue was reported to affect 0.930 beta; other versions may also be affected.
Exploit / POC
The following exploit was provided:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- FishyShoop Homepage (FishyShoop)
- Fishyshoop Security Vulnerability ("James Gray")