TowerBlog Administrative Authentication Bypassing

Summary

TowerBlog is, in short, a ‘single user web-log (or web journal if you will) content management system, aka CMS’. Due to bad coding practices, a remote attacker can cause TowerBlog to believe that an administrator is accessing the system and grant them administrative privileges to the blog, without knowing the administrator's username and password.

Credit:

The information has been provided by Noam Rathaus.


Details

Vulnerable Systems:
 * TowerBlog version 0.6 and prior

By accessing the TowerBlog system with a cookie named TowerBlog_LoggedIn whose value has been set to 1 a remote user can impersonate an administrator of the blog system.
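The flaw described above is an authorization decision made on a client-controlled cookie flag. As an added example (not TowerBlog's code; the TowerBlog_Session cookie name, the "admin" username and the server secret are assumptions), the vulnerable check is shown beside a hardened form that only accepts a server-signed, expiring session value:

```python
import hmac
import hashlib
import secrets

# Constructed server-side secret for this demonstration; a real deployment
# keeps it outside the web root and rotates it.
SERVER_SECRET = secrets.token_bytes(32)


def is_admin_vulnerable(cookies):
    """The flawed pattern the advisory describes: trust a flag the client sets."""
    return cookies.get("TowerBlog_LoggedIn") == "1"


def issue_session_cookie(username, now, ttl_seconds=3600):
    """Issue an expiring, HMAC-signed session value after a real password check.

    `now` is a Unix timestamp supplied by the caller so the logic is testable.
    """
    expires = now + ttl_seconds
    payload = f"{username}:{expires}"
    tag = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{tag}"


def is_admin_hardened(cookies, now):
    """Grant admin only if the cookie's MAC verifies, it is unexpired, and it names admin."""
    value = cookies.get("TowerBlog_Session", "")
    parts = value.rsplit(":", 2)  # username may itself contain ':'
    if len(parts) != 3:
        return False
    username, expires_str, tag = parts
    if not expires_str.isdigit():
        return False
    payload = f"{username}:{expires_str}"
    expected = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison: the client cannot forge the tag without the secret.
    if not hmac.compare_digest(expected, tag):
        return False
    if now >= int(expires_str):
        return False
    return username == "admin"
```

Any request carrying TowerBlog_LoggedIn=1 without a valid server-issued session is a cheap detection signature for the bypass in web server logs.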

Vendor Status:
The vendor has been informed. As of the writing of this advisory, he does not plan to fix this problem, as he has lost interest in continuing development of the product.

Categories: UNIX