‘TowerBlog Administrative Authentication Bypassing’

Published on April 12th, 2005
Summary

TowerBlog is, in short, a ‘single user web-log (or web journal if you will) content management system, aka CMS’. Due to bad coding practices a remote attacker can cause the TowerBlog to think that an administrator is accessing the system and grant him administrative privileges to the blog, this without having to know the username and password of the administrator.’

Credit:

‘The information has been provided by Noam Rathaus.’


Details

Vulnerable Systems:
 * TowerBlog version 0.6 and prior

By accessing the TowerBlog system with a cookie named TowerBlog_LoggedIn whose value has been set to 1 a remote user can impersonate an administrator of the blog system.

Vendor Status:
Vendor has been informed, as of writing of this advisory he plans on not fixing this problem as he lost interest in continuing the development of the product.’

Categories: UNIX
Tags:

Related Posts

UNIX

‘ProFTPD Response Pool Use-After-Free Code Execution Vulnerability’

'This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server.'

UNIX

‘Insight Control for Linux Multiple Vulnerabilities’

'Remote unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure and Denial of Service (DoS) vulnerabilities were identified in Insight Control for Linux.'

UNIX

‘HP-UX Running NFS/ONCplus Denial of Service Vulnerability’

'A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX.'