Security hole in MatrikzGB

Type securityvulns
Reporter Securityvulns
Modified 2003-08-19T00:00:00


Security hole in MatrikzGB Guestbook

Vulnerable Versions: Version 2.0 and prior Version 3 (not tested)

Summary: MatrikzGB was written by Thomas Hempel for A bug in index.php allows a user with a regular user account to give administrator rights to himself.

Details: The bug is in the user edit function: Every regular user is allowed to chanche rights or do any modifications on existing users. if ($new_username != "" && $new_password != "") { create_user($new_username,$new_password,$new_rights,$entry_index); echo "<tr><th class=\"ok\">Der Benutzer wurde angelegt!";

Example: This is a example how to give administrator rights to yourself.

Comment: When you got administrator rights,you can look up the passwords of all other users,they are in plaintext.

Vendor status: Vendor has been contacted.

by Stephan "mastamorphixx" S. ,member of #lostkey