
almondClassifieds.txt

Date: 20 Nov 2005 00:00:00 | Reported by: Alexiev | Type: packetstorm | Source: packetstormsecurity.com

A vulnerability in Almond Classifieds allows unauthorized editing of classified ads.

Code
`A vulnerability discovered in Almond Classifieds  
( http://www.almondsoft.com/alcl.html )  
  
The vulnerability is due to a missing password check in "editform":  
a user can edit any ad in the classifieds.  
  
If we post a new ad, we can edit our own ad.  
In the "editform" section there are 2 hidden fields:  
  
<input type='hidden' name='ed_id' value='xxx'>  
<input type='hidden' name='ed_passw' value='******'>  
  
By changing the ad number in the 'ed_id' field and submitting the changes,  
the ad with the new id number is OVERWRITTEN!  
  
...and mass editing can be performed by a script simply cycling  
the 'ed_id' value and sending POST requests.  
  
---------------------------------------------  
Alexiev - alexiev[at]globalnetsystem.com  
  
`
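The missing check described in the advisory, modelled as an added example (not Almond Classifieds' code and not from the advisory author): an edit handler that trusts `ed_id` without checking `ed_passw`, next to one that verifies the password stored for that ad on the server. The in-memory store, function names and sample ads are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory ad store (an assumption, not the product's data model).
ADS = {}

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def post_ad(ad_id: str, text: str, password: str) -> None:
    salt = os.urandom(16)
    ADS[ad_id] = {"text": text, "salt": salt, "pw": _hash(password, salt)}

def edit_vulnerable(form: dict) -> bool:
    """Behaviour the advisory describes: ed_id picks the ad, ed_passw is never checked."""
    ad = ADS.get(form.get("ed_id"))
    if ad is None:
        return False
    ad["text"] = form.get("text", "")
    return True

def edit_hardened(form: dict) -> bool:
    """Server-side check: ed_passw must match the password stored for *that* ed_id."""
    ad = ADS.get(form.get("ed_id"))
    supplied = form.get("ed_passw", "")
    if ad is None or not isinstance(supplied, str):
        return False
    if not hmac.compare_digest(_hash(supplied, ad["salt"]), ad["pw"]):
        return False
    ad["text"] = form.get("text", "")
    return True

def demo() -> dict:
    """Replay one tampered form (own password, another ad's ed_id) on both handlers."""
    ADS.clear()
    post_ad("101", "bike for sale", "alice-pw")
    post_ad("102", "flat to rent", "bob-pw")
    tampered = {"ed_id": "101", "ed_passw": "bob-pw", "text": "overwritten"}
    results = {"vulnerable": edit_vulnerable(tampered)}
    results["text_after_vulnerable"] = ADS["101"]["text"]
    ADS["101"]["text"] = "bike for sale"  # reset before the second run
    results["hardened"] = edit_hardened(tampered)
    results["text_after_hardened"] = ADS["101"]["text"]
    results["owner_edit"] = edit_hardened({"ed_id": "101", "ed_passw": "alice-pw", "text": "bike sold"})
    return results

if __name__ == "__main__":
    print(demo())
```

The hidden fields are client-controlled input, so the fix lives entirely in the handler: the form can keep sending `ed_id`, but the edit is applied only after the supplied password is verified against the record that `ed_id` selects.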

Vulners AI Score: 7.4 (High risk)