Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

CGI-Bug: News Update 1.1 administration password bug

From: "Morpheus[bd]" <morpheusbd () GMX NET>
Date: Fri, 27 Oct 2000 17:10:54 +0200
Hi,

there is a vulnerability in News Update 1.1 ((c) by CGIScriptCenter) which
allows malicious user to change the news administration password without
knowing the correct (former)password. For further information take a look at
the attached package, including an advisory and a proof-of-concept exploit.

Ciao,
Morpheus[bd]
www: www.brightdarkness.de
mailto: morpheusbd () gmx net

Attachment: newsexp.tar.gz
Description:

Previous By Date Next
Previous By Thread Next

Current thread: