[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Admin Access Vulnerability in Community Wizard

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Admin Access Vulnerability in Community Wizard
From: Bahaa Naamneh <b_naamneh@xxxxxxxxxxx>
Date: 19 Sep 2003 20:40:17 -0000


Admin Access Vulnerability in Community Wizard


Affected Systems: Community Wizard

version: 5.1 (and possibly earlier versions)

Vendor: http://www.sepcity.com , http://www.commwiz.com

Issue: gain admin access

Released: 18 September 2003


Introduction:
=============
"Community Wizard allows anyone to run their own web Portal site without any 
programming knowledge. Features includes: user login/signup, site search, user 
profiles, content management, user management, adserver, search engines, 
forums, file libraries, guestbook, instant messenger, full administration 
section to allow the admin to manage the web site with page editors, module 
editors, general setup, site layout and several modules."


Details:
========
It is possible to gain admin access due to a flaw in the 'login.asp' file.
due to a flaw in the script that checking the username and the password it is 
possible to gain admin access by using this code 'or''=' as the password and 
not important what the username that you enter, you can enter whatever in the 
Username field.

Username: whatever
Password: 'or''='


Vendor status:
==============
The vendor has been informed, and bug has been fixed as they told me.


Discovered by/Credit:
=====================
Bahaa Naamneh
b_naamneh@xxxxxxxxxxx
http://www.bsecurity.tk

Prev by Date: [Advisory] Powerslave 4.3 Information Leak Vuln.
Next by Date: LSH: Buffer overrun and remote root compromise in lshd
Previous by thread: [Advisory] Powerslave 4.3 Information Leak Vuln.
Next by thread: LSH: Buffer overrun and remote root compromise in lshd
Index(es):
- Date
- Thread