Archangel Weblog Cookie ba_admin Variable Admin Authentication Bypass

2006-02-26T21:34:12
ID OSVDB:23620
Type osvdb
Reporter KingOfSka (ingofska@gmail.com)
Modified 2006-02-26T21:34:12

Description

Vulnerability Description

Archangel Weblog contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker includes a cookie with the value 'ba_admin=1' within the HTTP headers while requesting /admin/index.php. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Archangel Weblog contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker includes a cookie with the value 'ba_admin=1' within the HTTP headers while requesting /admin/index.php. This flaw may lead to a loss of integrity.

Manual Testing Notes

GET http://[target]/admin/index.php HTTP/1.1
Host: [target]
Cookie: ba_admin=1
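The request above works because the application treats a client-supplied cookie as proof of privilege. The PHP below is an added illustration of that class of defect and of the fix pattern a maintainer would apply; it is not Archangel Weblog's source code, and the function names, the $admins table and the password are invented for the example. The vulnerable function reproduces the anti-pattern; the hardened functions keep the admin flag in server-side session state that is only set after a password check, so the cookie the browser holds is an opaque session identifier rather than a value it can set to 1.

```php
<?php
// Added example (hypothetical code, not Archangel Weblog's own):
// client-trusted privilege flag versus server-side session privilege.

// --- Vulnerable pattern: the browser decides whether it is admin.
// Every cookie is attacker-controlled input, so this check grants admin to
// anyone who sends "Cookie: ba_admin=1".
function is_admin_from_cookie(array $cookies): bool
{
    return isset($cookies['ba_admin']) && $cookies['ba_admin'] === '1';
}

// --- Hardened pattern: privilege is stored in $_SESSION on the server and is
// set only after a credential check. The only cookie the client holds is the
// random session id; changing it cannot make the server believe "is_admin".
function ensure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Harden the session cookie itself (array form requires PHP >= 7.3).
    session_set_cookie_params([
        'httponly' => true,   // not readable from script
        'secure'   => true,   // HTTPS only
        'samesite' => 'Lax',  // limits cross-site use of the admin session
    ]);
    session_start();
}

// Authenticate against a table of username => password_hash() output.
function start_admin_session(string $user, string $password, array $admins): bool
{
    ensure_session();
    if (!isset($admins[$user]) || !password_verify($password, $admins[$user])) {
        return false;
    }
    session_regenerate_id(true);   // new id after login defeats session fixation
    $_SESSION['is_admin'] = true;
    $_SESSION['user']     = $user;
    return true;
}

// Gate for admin/index.php: the decision reads server state, never a cookie.
function require_admin(): void
{
    ensure_session();
    if (empty($_SESSION['is_admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed sample data for the example; a real deployment stores the hash.
$admins = [
    'editor' => password_hash('constructed-example-password', PASSWORD_DEFAULT),
];

// Usage sketch: the login handler calls start_admin_session() on POST, and
// admin/index.php calls require_admin() before rendering anything.
if (PHP_SAPI === 'cli') {
    // Demonstrate the defect without a web server.
    var_dump(is_admin_from_cookie(['ba_admin' => '1']));   // bool(true): forgeable
    var_dump(is_admin_from_cookie([]));                    // bool(false)
}
```

The hardened version still depends on the rest of the application never copying a cookie value into $_SESSION['is_admin'] and on session storage the client cannot write to; a server-side flag that is itself populated from request data re-creates the same flaw one layer down.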

References:

Vendor URL: http://www.archangelmgt.com/
Security Tracker: 1015689
Related OSVDB ID: 23621
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0502.html
Keyword: Contro Potere Crew Advisories #5
ISS X-Force ID: 24984
CVE-2006-0944
Bugtraq ID: 16848