|
[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie Vulnerability=0D
=0D
KAPDA New advisory=0D
=0D
Vulnerable product : NewsCMSLite=0D
Vendor: http://www.katywhitton.com=0D
Vulnerability: Authentication Flaw in 'newsadmin.asp' Lets Remote User Gain Administrative Access .=0D
=0D
Date :=0D
--------------------=0D
Found : 2006/05/21=0D
Vendor Contacted : N/A=0D
Release Date : 2006/05/24=0D
=0D
About NewsCMSLite :=0D
--------------------=0D
NewsCMSLite is a simple, easy to use and effective Content Management System (CMS).=0D
http://www.katywhitton.com/downloads/newsCMSlite/index.asp=0D
=0D
Vulnerability:=0D
--------------------=0D
The 'newsadmin.asp' script grants administrative privileges to the remote user if a certain cookie is set.=0D
A remote user can set a cookie named 'loggedIn' with a value of 'xY1zZoPQ' to gain administrative privileges.=0D
=0D
Solution:=0D
--------------------=0D
No patch`s released yet by vendor.=0D
=0D
Original Advisory:=0D
--------------------=0D
http://www.kapda.ir/advisory-332.html=0D
=0D
Credit :=0D
--------------------=0D
FarhadKey of KAPDA=0D
farhadkey [at} kapda