TUCoPS :: Web :: CMS / Portals :: b06-2465.htm

NewsCMSLite Login ByPass by Cookie
- NewsCMSLite Login ByPass by Cookie
- NewsCMSLite Login ByPass by Cookie


[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie Vulnerability=0D
=0D
KAPDA New advisory=0D
=0D
Vulnerable product : NewsCMSLite=0D
Vendor: http://www.katywhitton.com=0D 
Vulnerability: Authentication Flaw in 'newsadmin.asp' Lets Remote User Gain Administrative Access .=0D
=0D
Date :=0D
--------------------=0D
Found : 2006/05/21=0D
Vendor Contacted : N/A=0D
Release Date : 2006/05/24=0D
=0D
About NewsCMSLite :=0D
--------------------=0D
NewsCMSLite is a simple, easy to use and effective Content Management System (CMS).=0D
http://www.katywhitton.com/downloads/newsCMSlite/index.asp=0D 
=0D
Vulnerability:=0D
--------------------=0D
The 'newsadmin.asp' script grants administrative privileges to the remote user if a certain cookie is set.=0D
A remote user can set a cookie named 'loggedIn' with a value of 'xY1zZoPQ' to gain administrative privileges.=0D
=0D
Solution:=0D
--------------------=0D
No patch`s released yet by vendor.=0D
=0D
Original Advisory:=0D
--------------------=0D
http://www.kapda.ir/advisory-332.html=0D 
=0D
Credit :=0D
--------------------=0D
FarhadKey of KAPDA=0D
farhadkey [at} kapda  net=0D
Kapda - Security Science Researchers Insitute of Iran=0D
http://www.KAPDA.ir

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH