Vulnerability Development mailing list archives
CGI-Bug: News Update 1.1 administration password bug
From: "Morpheus[bd]" <morpheusbd () GMX NET>
Date: Fri, 27 Oct 2000 17:10:54 +0200
Hi, there is a vulnerability in News Update 1.1 ((c) by CGIScriptCenter) which allows malicious user to change the news administration password without knowing the correct (former)password. For further information take a look at the attached package, including an advisory and a proof-of-concept exploit. Ciao, Morpheus[bd] www: www.brightdarkness.de mailto: morpheusbd () gmx net
Attachment:
newsexp.tar.gz
Description:
Current thread:
- CGI-Bug: News Update 1.1 administration password bug Morpheus[bd] (Oct 28)