[<prev] [next>] [day] [month] [year] [list]
Message-ID: <001201c3ecf2$27869cc0$329f8018@su1>
Date: Fri, 6 Feb 2004 12:45:25 -0800
From: "Tri Huynh" <trihuynh@...up.com>
To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Cc: <bugs@...uritytracker.com>, <news@...uriteam.com>, <vuln@...unia.com>
Subject: Open Journal Blog Authenticaion Bypassing Vulnerability
Open Journal Blog Authenticaion Bypassing Vulnerability
=================================================
PROGRAM: Open Journal
HOMEPAGE: http://www.grohol.com/downloads/oj/
VULNERABLE VERSIONS: 2.5 and below
DESCRIPTION
=================================================
OpenJournal is a completely Web-based interface
(say bye-bye to FTP, manual archiving, etc.). Features
include: automated file creation; automated index
updating; editing of all files through a Web-based
interface; entries with or without titles and time posted;
automated archiving based on a weekly or monthly format.
All done through ordinary text files and no additional
perl modules needed to run it
DETAILS
=================================================
By feeding special crafted data into the uid parameter of the URL, an attacker
can by pass the authentication process and access directly
to the software's control panel.
The below example will let the hacker add a new user to the software
account database.
http://www.test.com/cgi-bin/oj.cgi?db=default&uid=%00&userid=hacker&auth=adduser
WORKAROUND
=================================================
Open Journal's author (Dr John Grohol) is contacted.A patched version
(2.6) is ready for downloading on the website.
CREDITS
=================================================
Discovered by Tri Huynh from SentryUnion
DISLAIMER
=================================================
The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.
FEEDBACK
=================================================
Please send suggestions, updates, and comments to: trihuynh@...up.com
Content of type "text/html" skipped
Powered by blists - more mailing lists