Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ZH2003-11SA.txt

🗓️ 18 Jul 2003 00:00:00Reported by Trash-80Type 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 26 Views

Security flaw in Elite News allows attackers to gain administrative control via specific URLs.

Code
`ZH2003-11SA (security advisory): Elite News Ver. 1.0.0.0-1.0.0.3 Beta  
  
  
  
Published: 16/07/2003  
  
Released: 16/07/2003  
  
Name: Elite News   
  
Affected System(s): All versions   
  
Severity: High  
  
Platform(s): Windows and Unix   
  
Issue: Security holes enable attackers to take administrative control  
  
Original Advisory: http://www.zone-h.org/en/advisories/read/id=2710  
  
Author: Trash-80 - [email protected]  
  
  
  
Description  
  
************  
  
Zone-h Security Team has discovered a serious security flaw in Elite News Ver.1.0.0.0-1.0.0.3 Beta.   
Elite News is a news publishing system which allows you to easily post news and reviews without a MySQL database.  
  
  
Details  
  
********  
  
1.Direct access to stats.php file allows you to see Elite News administrator's username.  
  
ex: www.example.com/elitenews/stats.php  
  
2.Fill in the administrator's username in login.html.  
Leave the password field blank.  
Click "Login".  
  
ex: www.example.com/elitenews/login.html  
  
3.Then directly access newpost.php to post a message as an Elite News administrator.  
  
  
  
Furthermore  
  
************  
  
login.php sets a cookie in your temporary internet files with the administrator's username.  
  
  
Cookie content:  
  
/elitenews  
ex: UserAdmin  
www.example.com/elitenews/  
1536  
2873507712  
29576153  
2673509856  
29576139  
*  
Elitenews  
1  
www.example.com/elitenews/  
1536  
2873507712  
29576153  
2673509856  
29576139  
*  
  
  
  
newpost.php "reads" this cookie and thus it's possible to see the "Send" and "Reset" buttons which are not shown if you don't login with the administrator's username.   
  
  
(Bogus) PHP Code/Location:  
  
/elitenews/newpost.php:  
------------------------------------------------------------------------  
  
<?php  
$admin = $HTTP_COOKIE_VARS["Elitenews"];   
if ($admin != "")  
{  
echo "<input <input type=submit value=Send><input type=reset value=Reset>";  
}  
?>  
  
------------------------------------------------------------------------  
  
It's also possible to access other Elite News files like modify.php, editordelete.php etc...  
  
  
Solution:  
  
*********  
  
The vendor has been contacted and a patch is not yet produced.  
  
  
Trash-80 - www.zone-h.org operator  
  
http://www.zone-h.org  
  
--   
______________________________________________  
http://www.linuxmail.org/  
Now with e-mail forwarding for only US$5.95/yr  
  
Powered by Outblaze  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Jul 2003 00:00Current
7.4High risk
Vulners AI Score7.4
security flawelite newsadministrative controlwindows unixzone-h security teamhigh severity
26