ACSblog bug

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ACSblog bug
From: farhad koosha <farhadkey@xxxxxxxxx>
Date: 23 Apr 2005 17:10:21 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


*/ WWW.BAHADORLOVER.COM \*

ACSblog :
A asp weblog with manageable code blocks and logical structure make it easy for 
the novice to get into the code and customize it to your site. Full-featured 
enough for expert bloggers

vendor:www.asppress.com

Where is the bug ?

inc_login_check.asp 

<% if request.cookies(cookiename)="in" then
ihaveadminright=true
else
ihaveadminright=false
end if
%>

---------------

Default cookiename is "ACSBlog12345" and you can create a cookie or using http 
headers -> ACSBlog12345=in

---------------

vulnerable versions:
0.8
1.0
1.0.1
1.0.2
1.0.3
1.1
1.1.2
1.1.3
Commercial Version

3NITRO : www.bahadorlover.com

Prev by Date: Multiple Sql injection vulnerabilities in BK Forum v.4
Next by Date: New auto download / install / exploit URL?
Previous by thread: Multiple Sql injection vulnerabilities in BK Forum v.4
Next by thread: New auto download / install / exploit URL?
Index(es):
- Date
- Thread