My Guest Book Authorization Bypass

2002-03-27T09:07:27
ID OSVDB:4625
Type osvdb
Reporter Over G (overg@mail.ru)
Modified 2002-03-27T09:07:27

Description

Vulnerability Description

myGuestBk contains a flaw that allows a remote attacker, using a specially crafted URL request, to gain access to the administrative web panel and to administrative functions such as adding or deleting database entries. This refers to the discontinued ASP script named myGuestBk by Elad Rosenberg, not the PHP/MySQL script called MyGuestbook by Mark Kronsbein.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The myGuestBk author has discontinued all support for ASP applications.

Short Description

myGuestBk contains a flaw that allows a remote attacker, using a specially crafted URL request, to gain access to the administrative web panel and to administrative functions such as adding or deleting database entries. This refers to the discontinued ASP script named myGuestBk by Elad Rosenberg, not the PHP/MySQL script called MyGuestbook by Mark Kronsbein.

Manual Testing Notes

The following URL has been reported to allow access to the admin panel:

http://[target]/myguestBk/admin/index.asp

A remote user could delete guest book entries using:

http://[target]/myguestBk/admin/delEnt.asp?id=[NEWSNUMBER]
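Since no patch exists, the practical control is to block or monitor the admin directory at the web server. The following is an added example (not part of the OSVDB record) that flags requests to the myGuestBk admin paths named above in a W3C extended (IIS-style) access log; the log lines and IP addresses are constructed for the demonstration.

```python
"""Flag requests to the myGuestBk admin panel in W3C extended (IIS-style) web server logs."""
import re
from urllib.parse import unquote

# Path named in the advisory; matched case-insensitively after URL-decoding,
# so "/MYGUESTBK/Admin/..." and "%2Fadmin%2F" variants are still caught.
ADMIN_PATH_RE = re.compile(r"/myguestbk/admin/", re.IGNORECASE)

# Constructed sample, not a real log: W3C extended format with a #Fields header.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-03-20 10:01:02 192.0.2.10 GET /myguestBk/index.asp - 200
2003-03-20 10:01:09 192.0.2.10 POST /myguestBk/addEnt.asp - 302
2003-03-20 10:05:41 198.51.100.7 GET /myguestBk/admin/index.asp - 200
2003-03-20 10:05:55 198.51.100.7 GET /myguestBk/admin/delEnt.asp id=12 200
2003-03-20 10:06:03 198.51.100.7 GET /MYGUESTBK/Admin/delEnt.asp id=13 200
2003-03-20 10:07:00 203.0.113.5 GET /myguestBk%2Fadmin%2Findex.asp - 404
"""

def parse_w3c(text):
    """Yield one dict per entry, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip malformed lines instead of crashing the scan
        yield dict(zip(fields, values))

def admin_panel_hits(text):
    """Return (ip, decoded stem, query, status) for every request into the admin area."""
    hits = []
    for entry in parse_w3c(text):
        stem = unquote(entry["cs-uri-stem"])
        if ADMIN_PATH_RE.search(stem):
            hits.append((entry["c-ip"], stem, entry["cs-uri-query"], int(entry["sc-status"])))
    return hits

def deletions_by_ip(text):
    """Count successful (2xx) delEnt.asp requests per source IP, the highest-impact action."""
    counts = {}
    for ip, stem, _query, status in admin_panel_hits(text):
        if stem.lower().endswith("/delent.asp") and 200 <= status < 300:
            counts[ip] = counts.get(ip, 0) + 1
    return counts

if __name__ == "__main__":
    for hit in admin_panel_hits(SAMPLE_LOG):
        print(hit)
    print(deletions_by_ip(SAMPLE_LOG))
```

Any 2xx hit on the admin directory from an address that never authenticated elsewhere is worth treating as an incident, since the script itself performs no access check.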

References:

Related OSVDB ID: 4623
Related OSVDB ID: 4624
Nessus Plugin ID: 11489
Mail List Post: http://seclists.org/lists/bugtraq/2003/Mar/0390.html
Keyword: My Guest Book
Keyword: myGuestBk
ISS X-Force ID: 11640
Bugtraq ID: 7213