ZWS Newsletter and Mailing List Manager Discloses User Passwords to Remote Users
SecurityTracker Alert ID: 1010578
SecurityTracker URL: http://securitytracker.com/id?1010578
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jun 25 2004
Impact: Disclosure of authentication information, Disclosure of user information
Exploit Included: Yes
Description: A vulnerability was reported in ZWS Newsletter and Mailing List Manager. A remote user can view a list of users and their passwords.
GaMeS reported that a remote user can invoke the 'admin.php' script to list all users registered for the newsletter along with their passwords. According to the report, the script takes the account name ('uname') and the privilege level ('ulevel') from the request parameters rather than from an authenticated session, and 'ulevel=1' denotes an administrator account, so no credentials are needed to reach the user listing.
A demonstration exploit URL is provided:
http://[target]/newsletter/admin.php?f=list_user&uname=test&ulevel=1
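The flaw is an access-control error: admin.php lets the request itself assert who the caller is and what level they hold. The Python model below is an added example and is not code from ZWS or from the report (the real script is PHP; Python is used here so the model runs stand-alone). It shows the reported behaviour next to a hardened equivalent, in which the privilege level comes from a server-side session and passwords exist only as salted hashes, so even a legitimate admin listing carries no password material, and a detector for the exploit URL in web-server access logs. The user names, passwords, addresses and log lines are all constructed for the example.

```python
import hashlib
import re
import secrets
from urllib.parse import parse_qs

# Constructed sample user table (hypothetical; not data from ZWS or the report).
# The flawed application keeps passwords in a form it can hand straight back.
USERS_PLAIN = {"alice": "s3cret", "bob": "hunter2"}


def _params(query: str) -> dict:
    """Flatten a query string to single values, like PHP's $_GET."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def vulnerable_admin(query: str):
    """Models the reported behaviour of admin.php: the caller's own uname/ulevel
    parameters decide the privilege level, so ulevel=1 is taken as an admin
    session and f=list_user dumps every account with its password."""
    p = _params(query)
    if p.get("ulevel") == "1" and p.get("f") == "list_user":
        return sorted(USERS_PLAIN.items())
    return None


# --- hardened equivalent -----------------------------------------------------

def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Server-side account store: salted hashes plus a fixed privilege level.
USERS_HARDENED = {}
for _name, _pw in USERS_PLAIN.items():
    _salt = secrets.token_bytes(16)
    USERS_HARDENED[_name] = {"salt": _salt, "hash": _hash_pw(_pw, _salt), "level": 0}
USERS_HARDENED["alice"]["level"] = 1  # the single administrator (constructed)

SESSIONS = {}  # session token -> username; privilege is looked up here, never read from the request


def login(uname: str, password: str):
    """Return a session token only after the password verifies against the stored hash."""
    rec = USERS_HARDENED.get(uname)
    if rec is None:
        return None
    if not secrets.compare_digest(_hash_pw(password, rec["salt"]), rec["hash"]):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = uname
    return token


def hardened_admin(query: str, session_token):
    """Same action selector, but identity and level come from the session, and
    the listing carries no password material because none is stored."""
    uname = SESSIONS.get(session_token)
    if uname is None or USERS_HARDENED[uname]["level"] != 1:
        return None  # unauthenticated or non-admin; uname/ulevel in the query are ignored
    if _params(query).get("f") == "list_user":
        return sorted(USERS_HARDENED)
    return None


# --- detection over web server access logs -----------------------------------

# Constructed log lines in common log format (hypothetical addresses and timestamps).
LOG_LINES = [
    '203.0.113.9 - - [24/Jun/2004:18:07:08 +0000] "GET /newsletter/admin.php?f=list_user&uname=test&ulevel=1 HTTP/1.1" 200 4821',
    '198.51.100.4 - - [24/Jun/2004:18:08:12 +0000] "GET /newsletter/index.php HTTP/1.1" 200 1204',
    '198.51.100.4 - - [24/Jun/2004:18:09:01 +0000] "POST /newsletter/admin.php?f=login HTTP/1.1" 302 0',
]

# A legitimate client has no reason to send ulevel= to admin.php, so its presence
# in the request line is the signal; the uname value itself can be anything.
EXPLOIT_RE = re.compile(r'"(?:GET|POST) \S*admin\.php\?\S*\bulevel=')


def suspicious_requests(lines):
    """Return the log lines that carry a privilege level in the admin.php query string."""
    return [line for line in lines if EXPLOIT_RE.search(line)]


if __name__ == "__main__":
    print(vulnerable_admin("f=list_user&uname=test&ulevel=1"))
    print(hardened_admin("f=list_user&uname=test&ulevel=1", None))
    tok = login("alice", "s3cret")
    print(hardened_admin("f=list_user", tok))
    for hit in suspicious_requests(LOG_LINES):
        print("exploit attempt:", hit)
```

The detector keys on the query parameter rather than on the 'test' user name because the report makes clear the name is arbitrary; only 'ulevel=1' matters to the script. In the hardened handler the query string may still carry uname and ulevel, but they never reach an authorization decision.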
Impact: A remote user can obtain a list of users and their passwords.
Solution: No solution was available at the time of this entry.
Vendor URL: zaireweb.com/
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: GaMeS GaMeS <bzh_mrim@yahoo.fr>
Message History:
None.
Source Message Contents
Date: 24 Jun 2004 18:07:08 -0000
From: GaMeS GaMeS <bzh_mrim@yahoo.fr>
Subject: ZWS Newsletter & Mailing List Manager
Hello, I'm a French boy, and excuse me for my bad English...
I discovered a bug in the ZWS newsletter:
http://www.target.com/newsletter/admin.php?f=list_user&uname=test&ulevel=1
With this, you can list all users registered in the newsletter with their respective passwords.
After you log in with an Admin account, you can create users, delete users, etc.
The variable "uname=test" defines the nick to connect with;
"ulevel=1" defines the level of this nick, but 1 is an Admin account.
If you want more explanation, reply ;)
Bye
GaMeS