Admin Access Vulnerability in Community Wizard
Admin Access Vulnerability in Community Wizard
Affected Systems: Community Wizard
version: 5.1 (and possibly earlier versions)
Vendor: http://www.sepcity.com , http://www.commwiz.com
Issue: gain admin access
Released: 18 September 2003
Introduction:
=============
"Community Wizard allows anyone to run their own web Portal site without any
programming knowledge. Features includes: user login/signup, site search, user
profiles, content management, user management, adserver, search engines,
forums, file libraries, guestbook, instant messenger, full administration
section to allow the admin to manage the web site with page editors, module
editors, general setup, site layout and several modules."
Details:
========
It is possible to gain admin access due to a flaw in the 'login.asp' file.
due to a flaw in the script that checking the username and the password it is
possible to gain admin access by using this code 'or''=' as the password and
not important what the username that you enter, you can enter whatever in the
Username field.
Username: whatever
Password: 'or''='
Vendor status:
==============
The vendor has been informed, and bug has been fixed as they told me.
Discovered by/Credit:
=====================
Bahaa Naamneh
b_naamneh@xxxxxxxxxxx
http://www.bsecurity.tk