Improper authentication checking in Alan Ward Acart

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Improper authentication checking in Alan Ward Acart
From: <parag0d@xxxxxxxxxxxx>
Date: 4 Dec 2003 06:12:42 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Vulnerability:  Improper authentication checking for delete

Discussion:     Due to improper authentication checking a pop-up opened by any 
of the multiple XSS vulnerabilities by the admin of the site can cause a 
database compromise.

Exploit:        By using one of the multiple XSS vulnerabilities in this 
script, an attacker can cause the site administrator to open a new window and 
delete products or entire categories of products from the database.  The syntax 
is below:
        
www.example.com/acart2_0//admin/category.asp?catcode=1&stage=delete

Solution:       The developer needs to implement a new authentication mechanism 
for deletion of data.

Credit: CyberArmy Application and Code Auditing Team
        Parag0d

The developer was contacted regarding this matter, but never gave a reply.

Prev by Date: Re: [ANNOUNCE] glibc heap protection patch
Next by Date: [ESA-20031204-032] 'rsync' heap overflow vulnerability
Previous by thread: SuSE Security Announcement: Kernel brk() vulnerability (SuSE-SA:2003:049)
Next by thread: [ESA-20031204-032] 'rsync' heap overflow vulnerability
Index(es):
- Date
- Thread