openjournal2.5.txt

2004-02-07T00:00:00
ID PACKETSTORM:32643
Type packetstorm
Reporter Tri Huynh
Modified 2004-02-07T00:00:00

Description

                                        
                                            `Open Journal Blog Authenticaion Bypassing Vulnerability  
=================================================  
  
PROGRAM: Open Journal  
HOMEPAGE: http://www.grohol.com/downloads/oj/  
VULNERABLE VERSIONS: 2.5 and below  
  
  
DESCRIPTION  
=================================================  
  
OpenJournal is a completely Web-based interface  
(say bye-bye to FTP, manual archiving, etc.). Features  
include: automated file creation; automated index  
updating; editing of all files through a Web-based  
interface; entries with or without titles and time posted;  
automated archiving based on a weekly or monthly format.  
All done through ordinary text files and no additional  
perl modules needed to run it  
  
DETAILS  
=================================================  
By feeding special crafted data into the uid parameter of the URL, an  
attacker  
can by pass the authentication process and access directly  
to the software's control panel.  
The below example will let the hacker add a new user to the software  
account database.  
  
http://www.test.com/cgi-bin/oj.cgi?db=default&uid=%00&userid=hacker&auth=adduser  
  
  
WORKAROUND  
=================================================  
Open Journal's author (Dr John Grohol) is contacted.A patched version  
(2.6) is ready for downloading on the website.  
  
  
CREDITS  
=================================================  
  
Discovered by Tri Huynh from SentryUnion  
  
  
DISLAIMER  
=================================================  
  
The information within this paper may change without notice. Use of  
this information constitutes acceptance for use in an AS IS condition.  
There are NO warranties with regard to this information. In no event  
shall the author be liable for any damages whatsoever arising out of  
or in connection with the use or spread of this information. Any use  
of this information is at the user's own risk.  
  
  
FEEDBACK  
=================================================  
  
Please send suggestions, updates, and comments to: trihuynh@zeeup.com  
`