Allmanage.pl vulnerability allows unauthorized access to user directories via upload functionality.
`Allmanage.pl vulnerability (13 May 2000)
Websites using 'Allmanage Website Administration Software 2.6' with the upload ability, and maybe
earlier versions, contain a vulnerability which gives you full add/delete/change
access to the user-account directories and lets you change the files in the main directory of the
CGI script.
Instead of /allmanage.pl, go to /allmanageup.pl (the extension may be .cgi instead).
You'll get the "Upload Successful!" page; press the 'Return To Filemanager' button.
You are now in the Root Directory. From here you can add, change and delete user accounts and
change the contents of the directory main page.
This vulnerability has only been tested with the Perl version of the script, on 9 different sites,
all of which were vulnerable; it has not been tested with the MySQL version or earlier releases.
Allmanage is freeware (www.prowebpages.com) and distributed on several CGI resource sites, which
indicates that the script is widespread, though this is not certain.
Bighawk, [email protected]
`
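For site operators reviewing logs, the following added example (not part of the original advisory or of Allmanage) flags clients that received a successful response from the upload script without ever requesting the login script, which is the access pattern described above. It assumes Apache-style Common Log Format and uses the client address as a rough session key; the log lines and /cgi-bin/ paths are constructed samples.

```python
import re

# Common Log Format prefix: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Script names from the advisory; the extension may be .pl or .cgi.
LOGIN_RE = re.compile(r'/allmanage\.(?:pl|cgi)$', re.I)
UPLOAD_RE = re.compile(r'/allmanageup\.(?:pl|cgi)$', re.I)


def find_direct_upload_hits(lines):
    """Return (host, time, path) for each 2xx request to the upload script
    made by a client that had not requested the login script beforehand."""
    seen_login = set()   # clients that went through /allmanage.* first
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-CLF lines
        host = m.group("host")
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if LOGIN_RE.search(path):
            seen_login.add(host)
        elif UPLOAD_RE.search(path) and host not in seen_login:
            # Only 2xx matters: the script exists and served its page.
            if m.group("status").startswith("2"):
                hits.append((host, m.group("time"), path))
    return hits


# Constructed sample log lines (documentation IP ranges, assumed paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2000:10:00:01 +0000] "GET /cgi-bin/allmanage.pl HTTP/1.0" 200 2048',
    '192.0.2.10 - - [13/May/2000:10:00:30 +0000] "POST /cgi-bin/allmanageup.pl HTTP/1.0" 200 512',
    '198.51.100.7 - - [13/May/2000:10:05:12 +0000] "GET /cgi-bin/allmanageup.pl HTTP/1.0" 200 512',
    '203.0.113.5 - - [13/May/2000:10:06:00 +0000] "GET /cgi-bin/allmanageup.cgi?x=1 HTTP/1.0" 404 210',
    'garbage line',
]

if __name__ == "__main__":
    for host, when, path in find_direct_upload_hits(SAMPLE_LOG):
        print(f"direct upload-script access: {host} at {when} -> {path}")
```

Clients behind a shared proxy or NAT can mask a hit, so treat an empty result as inconclusive rather than as proof that the script was not reached directly.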