LinksCaffe 'admin1953.php' Grants Remote Users Administrative Access
SecurityTracker Alert ID: 1016767
SecurityTracker URL: http://securitytracker.com/id?1016767
CVE Reference: CVE-2006-4462
Updated: Jun 8 2008
Original Entry Date: Aug 29 2006
Impact: User access via network
Exploit Included: Yes
Version(s): 2.0, 3.0
Description: HoangYenXinhDep of Vietnam Security Team reported a vulnerability in LinksCaffe. A remote user can gain administrative access.
The 'admin1953.php' script in the application's 'Admin' directory performs no authentication check. A remote user can request the script directly and is given the administrative interface without a username or password.
The administrative functions are driven by the 'action', 'cat', 'search', and 'editsub' request parameters, which the script honours without any credential check, so supplying them gives the same unauthenticated administrative access.
A demonstration exploit URL is provided:
http://[target]/[path_to_linksCaffe]/Admin/admin1953.php
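The following is an added illustration of the flaw described above and of the kind of check that closes it; it is not LinksCaffe's code. Only the parameter names ('action', 'cat', 'search', 'editsub') come from the advisory; the function names, the $_SESSION['admin_user'] key and the login.php location are assumptions made for the example.

```php
<?php
// Added illustration, not LinksCaffe's code. Parameter names are from the advisory;
// function names, the $_SESSION['admin_user'] key and login.php are assumptions.

declare(strict_types=1);

/**
 * Vulnerable pattern: the script dispatches on request parameters and never asks
 * who is making the request. Anyone who can reach the URL can drive every branch,
 * which is exactly the advisory's finding.
 */
function adminDispatch(array $request): string
{
    if (isset($request['action'])) {
        return 'ran admin action ' . $request['action'];      // e.g. delete or approve a link
    }
    if (isset($request['editsub'])) {
        return 'opened subcategory ' . $request['editsub'] . ' for editing';
    }
    if (isset($request['cat']) || isset($request['search'])) {
        return 'listed links for editing';
    }
    return 'showed admin menu';
}

/**
 * The missing check. The identity must come from server-side session state set by a
 * real login; a cookie or parameter such as ?admin=1 that the client chooses is not
 * authentication.
 */
function isAdminSession(array $session): bool
{
    return isset($session['admin_user']) && $session['admin_user'] !== '';
}

/**
 * Hardened entry point: the check runs before any administrative code, on every
 * request, and the script stops when it fails. Without the exit, PHP keeps executing
 * after the Location header is sent and the redirect is only cosmetic.
 */
function gatedAdminDispatch(array $request, array $session): string
{
    if (!isAdminSession($session)) {
        header('Location: login.php', true, 302);
        exit;
    }
    return adminDispatch($request);   // the action code itself is unchanged
}

// Script body: the gate is the first thing that runs.
if (PHP_SAPI !== 'cli') {
    session_start();
    echo htmlspecialchars(gatedAdminDispatch($_GET, $_SESSION), ENT_QUOTES, 'UTF-8');
}
```

Every script under Admin/ needs the same gate, so in practice it belongs in one shared file required at the top of each of them rather than being copied into admin1953.php alone. While no vendor fix is available, the same effect can be obtained outside the application by restricting the Admin/ directory at the web server (HTTP basic authentication or a source IP allowlist on that directory); that restriction is worth keeping as a second layer once the script itself is fixed.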
Impact: A remote user can gain administrative access to the target application.
Solution: No solution was available at the time of this entry.
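With no fix available, the exploit URL is also the detection indicator: no legitimate unauthenticated path leads a visitor to Admin/admin1953.php, so any hit on it in the web server logs deserves a look, and a 2xx response to a request carrying the administrative parameters means an admin function most likely executed. The scanner below is an added example written for this entry, not a tool from the advisory or the vendor; the log lines are constructed (RFC 5737 addresses) and the /links/ prefix stands in for the unknown [path_to_linksCaffe].

```php
<?php
// Added example, not from the advisory or the vendor. Scans combined-format
// (Apache/nginx) access log lines for requests to the unauthenticated admin script.
// Sample lines are constructed; /links/ is an assumed install prefix.

declare(strict_types=1);

const ADMIN_PARAMS = ['action', 'cat', 'search', 'editsub'];

// Apache/nginx "combined" log format: ip ident user [time] "method target proto" status size ...
const LOG_PATTERN = '/^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<target>\S+) [^"]*" (?<status>\d{3}) \S+/';

function parseLine(string $line): ?array
{
    return preg_match(LOG_PATTERN, $line, $m) === 1 ? $m : null;
}

/** Returns a finding for a hit on the admin script, or null for any other request. */
function classifyRequest(array $entry): ?array
{
    $path = parse_url($entry['target'], PHP_URL_PATH);
    // Case-insensitive: Windows is among the listed platforms, where Admin/ and admin/ are one directory.
    if (!is_string($path) || !preg_match('~/admin/admin1953\.php$~i', $path)) {
        return null;
    }
    $rawQuery = parse_url($entry['target'], PHP_URL_QUERY);
    parse_str(is_string($rawQuery) ? $rawQuery : '', $query);
    $used = array_values(array_intersect(ADMIN_PARAMS, array_keys($query)));
    return [
        'ip'       => $entry['ip'],
        'time'     => $entry['time'],
        'method'   => $entry['method'],
        'status'   => (int) $entry['status'],
        'params'   => $used,
        // Admin parameters plus a 2xx response: an admin function most likely ran.
        // A bare hit on the menu is lower severity but still a probe of the hole.
        'severity' => ($used !== [] && $entry['status'][0] === '2') ? 'high' : 'medium',
    ];
}

function scanLog(iterable $lines): array
{
    $findings = [];
    foreach ($lines as $line) {
        $entry = parseLine($line);
        if ($entry !== null && ($f = classifyRequest($entry)) !== null) {
            $findings[] = $f;
        }
    }
    return $findings;
}

// Constructed sample: a probe of the menu, an action call, an unrelated request, and a POST.
$sample = [
    '203.0.113.7 - - [29/Aug/2006:12:06:12 +0700] "GET /links/Admin/admin1953.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [29/Aug/2006:12:06:40 +0700] "GET /links/Admin/admin1953.php?action=edit&cat=3 HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [29/Aug/2006:12:07:01 +0700] "GET /links/index.php?cat=3 HTTP/1.1" 200 8800 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Aug/2006:12:08:15 +0700] "POST /links/Admin/admin1953.php?editsub=12 HTTP/1.1" 302 - "-" "curl/7.15.5"',
];

foreach (scanLog($sample) as $f) {
    printf("%-7s %s %s %s %d params=%s\n",
        $f['severity'], $f['time'], $f['ip'], $f['method'], $f['status'], implode(',', $f['params']));
}
```

On the sample the scanner reports three findings and ignores the ordinary front-end request: the bare menu probe and the POST answered with a 302 are medium, the GET with action=edit&cat=3 answered 200 is high. The path match is anchored on the script name under an Admin/ directory rather than on a fixed prefix because the install location differs per site.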
Vendor URL: gonafish.com/index.php?id=1
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: "Vietnam Security" <vietnamsecurity@gmail.com>
Message History:
None.
Source Message Contents
Date: Tue, 29 Aug 2006 12:06:12 +0700
From: "Vietnam Security" <vietnamsecurity@gmail.com>
Subject: Gonafish.com LinksCaffe 3.0 no checker administration file
Gonafish.com LinksCaffe 3.0 is a free link indexing directory. We found that the file
admin1953.php can be accessed directly to get full administration rights without a
password or username.
Proof of exploit:
http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php
Or the mirror images:
http://vietnamsecurity.googlepages.com/1.JPG
http://vietnamsecurity.googlepages.com/2.JPG
http://vietnamsecurity.googlepages.com/3.JPG
Affected:
LinksCaffe 2.0, 3.0; Pro not tested
Fix: Easy to fix, just put a checker in the file.
HoangYenXinhDep
Vietnam Security Team
http://www.vnsecurity.com