Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMark StanislavPACKETSTORM:96738
HistoryDec 15, 2010 - 12:00 a.m.

Pointter PHP Content Management System 1.0 Privilege Escalation

2010-12-1500:00:00
Mark Stanislav
packetstormsecurity.com
20

0.014 Low

EPSS

Percentile

85.0%

JSON
`'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)  
Mark Stanislav - [email protected]  
  
  
I. DESCRIPTION  
---------------------------------------  
A vulnerability exists in the 'Pointter PHP Content Management System' authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.  
  
  
II. TESTED VERSION  
---------------------------------------  
1.0  
  
  
III. PoC EXPLOIT  
---------------------------------------  
Using whatever method you prefer, generate 'auser' and 'apass' cookies. The values of each cookie are irrelevant; the mere presence of the cookies provide the administrative privilege.  
  
  
IV. NOTES   
---------------------------------------  
* Here's a snippet of the final reply that I received from the vendor:  
"Of course, it could be made safer and we know how to do it. But we have designed the softwares so that renaming admin folder gives us less work. As you know, the users should know the security issues as they will run this and not us."  
  
  
V. SOLUTION  
---------------------------------------  
* There is no update released at this time. Avoidance of this software is recommended until an updated version is available.  
  
  
VI. REFERENCES  
---------------------------------------  
http://www.pointter.com/  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4332  
http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/  
  
  
VII. TIMELINE  
---------------------------------------  
11/23/2010 - Initial vendor disclosure e-mail sent  
11/24/2010 - Reply from vendor informing me that my 'software manipulation' was illegal  
11/24/2010 - Response to vendor regarding their accusation of illegal actions on my part  
11/24/2010 - Reply from vendor stating that by releasing this information, I am committing a crime  
11/24/2010 - Response to vendor that their software is CC-licensed and that their accusations are unfounded  
11/24/2010 - Rebuttal from vendor again affirming I was breaking the law by disclosing this vulnerability  
11/24/2010 - Reply to vendor again stating my intent to help the company and provide responsible disclosure  
11/24/2010 - Response from vendor stating they would no longer respond and explained their stance on fixing this issue  
11/24/2010 - Final reply to vendor stating that I was happy to work with them on a delayed disclosure if desired  
12/15/2010 - Public disclosure  
`

Related

exploitpack 1
seebug 1
securityvulns 2
cve 1
prion 1
exploitdb 1
exploitpack
exploitpack
Pointter PHP Content Management System - Unauthorized Privilege Escalation
2010-12-15 00:00:00
seebug
seebug
Pointter PHP Content Management System Unauthorized Privilege Escalation
2014-07-01 00:00:00
securityvulns
securityvulns
'Pointter PHP Micro-Blogging Social 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)
2010-12-17 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-12-17 00:00:00
cve
cve
CVE-2010-4332
2010-12-22 03:00:00
prion
prion
Authentication flaw
2010-12-22 03:00:00
exploitdb
exploitdb
Pointter PHP Content Management System - Unauthorized Privilege Escalation
2010-12-15 00:00:00

0.014 Low

EPSS

Percentile

85.0%

JSON
Related for PACKETSTORM:96738
exploitpack1seebug1securityvulns2cve1prion1exploitdb1