lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 25 Oct 2006 08:05:24 -0000 From: farhadkey@...oo.com To: bugtraq@...urityfocus.com Subject: [KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities KAPDA New advisory Vulnerable product : PacPoll <= 4.0 Vendor: http://www.pacosdrivers.com/asp/poll/poll.asp Vulnerability: Admin Logon bypass , SQL_Injection Date : -------------------- Found : 2006/10/10 Vendor Contacted : N/A Release Date : 2006/10/25 Vulnerabilities: -------------------- Admin Logon bypass The vulnerability is caused due to weak authentication mechanisms to restrict access to the admin pages. This can be exploited to bypass authentication checks by setting the "polllog" cookie parameter to "xx" when accessing the page. Successful exploitations allows access to administrative functions without requiring knowledge of the password, but requires that the user has not modified the source code to change the cookie value. Admin/addpoll.asp , COOKIE : polllog=xx SQL_Injection Input passed to the "uid" and "pwd" parameters in 'Admin/check.asp' during login isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Username : a' or 'a'='a Password : 1' or '1'='1 Solution: -------------------- No patch`s released yet by vendor. Original Advisory: -------------------- http://www.kapda.ir/advisory-445.html Credit : -------------------- FarhadKey of KAPDA farhadkey [at} kapda <d0t> ir Kapda - Security Science Researchers Insitute of Iran http://www.KAPDA.ir
Powered by blists - more mailing lists