MyBlog Settings.PHP Authentication Bypass Vulnerability
BID:23521
Info
| Bugtraq ID: | 23521 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2007 12:00AM |
| Updated: | Nov 22 2007 06:04PM |
| Credit: | BlackHawk is credited with discovering this vulnerability. |
| Vulnerable: | MyBlog MyBlog 0.9.8 |
| Not Vulnerable: | |
Discussion
MyBlog is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to bypass the authentication mechanism and then access or overwrite files with arbitrary PHP script code. Script code added to certain files is later included for execution, allowing the attacker to execute arbitrary PHP script code.
MyBlog 0.9.8 and prior versions are vulnerable to this issue.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].