SecurityTracker.com
Category:  Application (Generic)  >  DUclassmate
Vendors:  DUware
DUclassmate Authentication Flaw Lets Remote Users Change the Passwords of Other Users
SecurityTracker Alert ID:  1011597
SecurityTracker URL:  http://securitytracker.com/id?1011597
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Oct 11 2004
Impact:  Modification of authentication information, User access via network
Exploit Included:  Yes  
Description:  Soroush Dalili reported a vulnerability in DUclassmate. A remote authenticated user can change a target user's password.

It is reported that the 'account.asp' script does not check that a password change request applies to the account of the user who submits it. The 'My Account' page carries the logged-in user's own record ID in a hidden 'MM_recordId' form field, and 'account.asp' uses the submitted value to select the record to update. A remote user can edit that hidden value to an arbitrary user ID and resubmit the form to set a new password on that account. The remote user can then log in as the target user.

Impact:  A remote user can change the password of another user to an arbitrary value and gain access to that user's account.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.duware.com/products/detail.asp?iPro=34&iCat=9&nCat=Ad%20Management
Cause:  Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  "Soroosh Dalili" <s-dalili@cc.sbu.ac.ir>
Message History:   None.


 Source Message Contents

Date:  Sat, 9 Oct 2004 17:29:13 +0330
From:  "Soroosh Dalili" <s-dalili@cc.sbu.ac.ir>
Subject:  DUclassmate: you can change others passwords

DUclassmate is a free Classmates Listing & Friends Search Web
application. Backed by an Access database, DUclassmate can store an
unlimited number of alumni organized within states, cities and
schools. Each entry is displayed with old and new names,
address, bio and more.
Vendor Url: www.DUware.com
 
Problem:
You can modify the "My Account" page to change other users' passwords.
Details:
You can find this line in the source:
<input type="hidden" name="MM_recordId" value="[Your ID Number]">
Just change its value to any ID that you want, then change the form action to "http:\\[url]\DUclassmate\account.asp" and save your page. In this way you can change the password of any ID that you want!

Soroush Dalili
My web: http://www.grayhatz.com
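The flaw described in the advisory and in the reporter's steps above is a classic insecure direct object reference: the server trusts a client-controlled hidden field (MM_recordId) to decide which account row gets the new password. The following Python model is an added illustration and is not DUclassmate's code (the real 'account.asp' is not on this page); the in-memory user table, the Session object, the form field names other than MM_recordId, and the handler names are all assumptions. It reproduces the tampered form the reporter describes, runs it against a handler with the vulnerable pattern, and then against a hardened handler that takes the record to update from the server-side session and additionally requires the current password.

```python
"""Model of the DUclassmate 'account.asp' password-change flaw (IDOR on a
hidden form field) beside a hardened version.  Added example: the vendor's
real ASP code is not on the page, so storage, session handling and the
non-MM_recordId field names below are assumptions."""

from dataclasses import dataclass, field


@dataclass
class Session:
    # ID of the logged-in user, as established by the site's own login step.
    user_id: int


@dataclass
class AppState:
    # Constructed sample user table: record id -> current password.
    passwords: dict = field(
        default_factory=lambda: {3: "victim-pw", 7: "attacker-pw"}
    )


def build_form(own_id: int, target_id: int, new_password: str,
               current_password: str = "") -> dict:
    """What the reporter describes: save the 'My Account' page, edit the hidden
    MM_recordId to the victim's id, point the form at account.asp and resubmit.
    Returns the body the browser would POST.  'password' and 'current_password'
    are assumed field names."""
    form = {
        "MM_recordId": str(own_id),          # value the page emitted for us
        "password": new_password,
        "current_password": current_password,
    }
    form["MM_recordId"] = str(target_id)     # the single edit the attack needs
    return form


def vulnerable_account_update(state: AppState, session: Session,
                              form: dict) -> bool:
    """Vulnerable pattern: the hidden MM_recordId decides WHICH row to update,
    so any logged-in user can point it at another record.  The session is
    accepted but never consulted."""
    record_id = int(form["MM_recordId"])
    if record_id not in state.passwords:
        return False
    state.passwords[record_id] = form["password"]
    return True


def hardened_account_update(state: AppState, session: Session,
                            form: dict) -> bool:
    """Fixed pattern: the row comes from the server-side session, never from
    the form; a submitted MM_recordId that disagrees is treated as tampering,
    and the current password must be proven before it can be replaced."""
    submitted = form.get("MM_recordId")
    if submitted is not None and submitted != str(session.user_id):
        return False                         # refuse; a real app would log this
    if form.get("current_password") != state.passwords.get(session.user_id):
        return False                         # stolen session alone is not enough
    state.passwords[session.user_id] = form["password"]
    return True


def demo() -> tuple:
    """Run the tampered form against both handlers; returns
    (vulnerable_accepted, victim_pw_after_vuln, hardened_accepted)."""
    attacker = Session(user_id=7)
    tampered = build_form(own_id=7, target_id=3, new_password="owned")

    vuln_state = AppState()
    vuln_ok = vulnerable_account_update(vuln_state, attacker, tampered)

    fixed_state = AppState()
    fixed_ok = hardened_account_update(fixed_state, attacker, tampered)
    return vuln_ok, vuln_state.passwords[3], fixed_ok


if __name__ == "__main__":
    print(demo())
```

The point of the hardened handler is that the record identity is not something the client gets to supply at all: the form may still carry MM_recordId for compatibility, but the server only ever writes the row bound to the authenticated session, and a mismatch is a signal worth alerting on rather than silently ignoring.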



Copyright 2004, SecurityGlobal.net LLC